[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Zac Medico]

commit:     85509ccf9222c448b6c6986b6b3efe18e3cba6cc
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 21 20:49:11 2016 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Thu Apr 21 20:49:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85509ccf

www-servers/nginx: fix nginx_modules_upstream_check for 1.8.1 (bug 580764)

Package-Manager: portage-2.2.28

 www-servers/nginx/files/check_1.7.2+.patch | 201 -----------------------------
 www-servers/nginx/nginx-1.8.1.ebuild       |   2 +-
 2 files changed, 1 insertion(+), 202 deletions(-)

diff --git a/www-servers/nginx/files/check_1.7.2+.patch b/www-servers/nginx/files/check_1.7.2+.patch
deleted file mode 100644
index 50405a5..0000000
--- a/www-servers/nginx/files/check_1.7.2+.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-commit 21116e1c0bba730ca59327ffba9320bc63f11462
-Author: Johan Bergström <bugs@bergstroem.nu>
-Date:   Thu Jun 19 10:17:22 2014 +1000
-
-    Add support for upstream_check to nginx 1.7.2
-
-diff --git src/http/modules/ngx_http_upstream_ip_hash_module.c src/http/modules/ngx_http_upstream_ip_hash_module.c
-index 148d73a..be9e03d 100644
---- src/http/modules/ngx_http_upstream_ip_hash_module.c
-+++ src/http/modules/ngx_http_upstream_ip_hash_module.c
-@@ -9,6 +9,9 @@
- #include <ngx_core.h>
- #include <ngx_http.h>
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+#include "ngx_http_upstream_check_handler.h"
-+#endif
- 
- typedef struct {
-     /* the round robin data must be first */
-@@ -212,6 +215,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data)
-             goto next_try;
-         }
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
-+            "get ip_hash peer, check_index: %ui",
-+             peer->check_index);
-+        if (ngx_http_check_peer_down(peer->check_index)) {
-+            goto next_try;
-+        }
-+#endif
-+
-         if (peer->max_fails
-             && peer->fails >= peer->max_fails
-             && now - peer->checked <= peer->fail_timeout)
-diff --git src/http/modules/ngx_http_upstream_least_conn_module.c src/http/modules/ngx_http_upstream_least_conn_module.c
-index dbef95d..14e9e40 100644
---- src/http/modules/ngx_http_upstream_least_conn_module.c
-+++ src/http/modules/ngx_http_upstream_least_conn_module.c
-@@ -9,6 +9,9 @@
- #include <ngx_core.h>
- #include <ngx_http.h>
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+#include "ngx_http_upstream_check_handler.h"
-+#endif
- 
- typedef struct {
-     ngx_uint_t                        *conns;
-@@ -203,6 +206,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
-             continue;
-         }
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
-+                "get least_conn peer, check_index: %ui",
-+                peer->check_index);
-+
-+        if (ngx_http_check_peer_down(peer->check_index)) {
-+            continue;
-+        }
-+#endif
-+
-         if (peer->max_fails
-             && peer->fails >= peer->max_fails
-             && now - peer->checked <= peer->fail_timeout)
-@@ -256,6 +269,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
-                 continue;
-             }
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+            ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
-+                    "get least_conn peer, check_index: %ui",
-+                    peer->check_index);
-+
-+            if (ngx_http_check_peer_down(peer->check_index)) {
-+                continue;
-+            }
-+#endif
-+
-             if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) {
-                 continue;
-             }
-diff --git src/http/ngx_http_upstream_round_robin.c src/http/ngx_http_upstream_round_robin.c
-index 37c835c..43ccdcf 100644
---- src/http/ngx_http_upstream_round_robin.c
-+++ src/http/ngx_http_upstream_round_robin.c
-@@ -9,6 +9,9 @@
- #include <ngx_core.h>
- #include <ngx_http.h>
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+#include "ngx_http_upstream_check_handler.h"
-+#endif
- 
- static ngx_http_upstream_rr_peer_t *ngx_http_upstream_get_peer(
-     ngx_http_upstream_rr_peer_data_t *rrp);
-@@ -88,6 +91,14 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
-                 peer[n].fail_timeout = server[i].fail_timeout;
-                 peer[n].down = server[i].down;
-                 peer[n].server = server[i].name;
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+                if (!server[i].down) {
-+                    peers->peer[n].check_index =
-+                        ngx_http_check_add_peer(cf, us, &server[i].addrs[j]);
-+                } else {
-+                    peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR;
-+                }
-+#endif
-                 n++;
-             }
-         }
-@@ -144,6 +155,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
-                 peer[n].fail_timeout = server[i].fail_timeout;
-                 peer[n].down = server[i].down;
-                 peer[n].server = server[i].name;
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+                if (!server[i].down) {
-+                    backup->peer[n].check_index =
-+                        ngx_http_check_add_peer(cf, us, &server[i].addrs[j]);
-+                }
-+                else {
-+                    backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR;
-+                }
-+#endif
-                 n++;
-             }
-         }
-@@ -203,6 +223,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
-         peer[i].current_weight = 0;
-         peer[i].max_fails = 1;
-         peer[i].fail_timeout = 10;
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+        peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR;
-+#endif
-     }
- 
-     us->peer.data = peers;
-@@ -312,7 +335,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r,
-         peer[0].current_weight = 0;
-         peer[0].max_fails = 1;
-         peer[0].fail_timeout = 10;
--
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+        peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR;
-+#endif
-     } else {
- 
-         for (i = 0; i < ur->naddrs; i++) {
-@@ -352,6 +377,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r,
-             peer[i].current_weight = 0;
-             peer[i].max_fails = 1;
-             peer[i].fail_timeout = 10;
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+            peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR;
-+#endif
-         }
-     }
- 
-@@ -411,6 +439,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data)
-             goto failed;
-         }
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+        if (ngx_http_check_peer_down(peer->check_index)) {
-+            goto failed;
-+        }
-+#endif
-+
-     } else {
- 
-         /* there are several peers */
-@@ -508,6 +542,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp)
-             continue;
-         }
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+        if (ngx_http_check_peer_down(peer->check_index)) {
-+            continue;
-+        }
-+#endif
-+
-         if (peer->max_fails
-             && peer->fails >= peer->max_fails
-             && now - peer->checked <= peer->fail_timeout)
-diff --git src/http/ngx_http_upstream_round_robin.h src/http/ngx_http_upstream_round_robin.h
-index 9db82a6..2fedd46 100644
---- src/http/ngx_http_upstream_round_robin.h
-+++ src/http/ngx_http_upstream_round_robin.h
-@@ -31,6 +31,10 @@ typedef struct {
-     ngx_uint_t                      max_fails;
-     time_t                          fail_timeout;
- 
-+#if (NGX_UPSTREAM_CHECK_MODULE)
-+    ngx_uint_t                      check_index;
-+#endif
-+
-     ngx_uint_t                      down;          /* unsigned  down:1; */
- 
- #if (NGX_HTTP_SSL)

diff --git a/www-servers/nginx/nginx-1.8.1.ebuild b/www-servers/nginx/nginx-1.8.1.ebuild
index e75a805..5bb4978 100644
--- a/www-servers/nginx/nginx-1.8.1.ebuild
+++ b/www-servers/nginx/nginx-1.8.1.ebuild
@@ -276,7 +276,7 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 
 	if use nginx_modules_http_upstream_check; then
-		epatch "${FILESDIR}"/check_1.7.2+.patch
+		epatch "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.7.2+.patch
 	fi
 
 	if use nginx_modules_http_lua; then

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Zac Medico]

commit:     b5ba1ddb6b1eb7fb418d9e8f268fae2dd06d44d2
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Sat May  7 03:11:26 2016 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Sat May  7 03:15:06 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5ba1ddb

www-servers/nginx: add segfault fix to 1.10.0 for http_upstream_check (bug 582316)

Package-Manager: portage-2.2.28

 .../files/check-0.3.0-segfault-on-reload.patch     | 26 ++++++++++++++++++++++
 www-servers/nginx/nginx-1.10.0.ebuild              |  3 +++
 2 files changed, 29 insertions(+)

diff --git a/www-servers/nginx/files/check-0.3.0-segfault-on-reload.patch b/www-servers/nginx/files/check-0.3.0-segfault-on-reload.patch
new file mode 100644
index 0000000..f556aab
--- /dev/null
+++ b/www-servers/nginx/files/check-0.3.0-segfault-on-reload.patch
@@ -0,0 +1,26 @@
+From 2a52fbf565d0d5bdc9f25382b5af6e952216831f Mon Sep 17 00:00:00 2001
+From: Dmitry Saprykin <saprykin.dmitry@gmail.com>
+Date: Fri, 5 Dec 2014 11:46:18 +0300
+Subject: [PATCH] * serfault on reload fix
+
+---
+ ngx_http_upstream_check_module.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ngx_http_upstream_check_module.c b/ngx_http_upstream_check_module.c
+index e2a4030..41aa63a 100644
+--- a/ngx_http_upstream_check_module.c
++++ b/ngx_http_upstream_check_module.c
+@@ -3991,9 +3991,9 @@ ngx_http_upstream_check_find_shm_peer(ngx_http_upstream_check_peers_shm_t *p,
+             continue;
+         }
+ 
+-        if ((ngx_memcmp(addr->sockaddr, peer_shm->sockaddr, addr->socklen) == 0)
+-            && (ngx_strncmp(upstream_name->data, peer_shm->upstream_name->data,
+-                            upstream_name->len) == 0)) {
++        if (ngx_memcmp(addr->sockaddr, peer_shm->sockaddr, addr->socklen) == 0
++            && upstream_name->len == peer_shm->upstream_name->len
++            && ngx_strncmp(upstream_name->data, peer_shm->upstream_name->data, upstream_name->len) == 0) {
+             return peer_shm;
+         }
+     }

diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
index 159f891..ef851c4 100644
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ b/www-servers/nginx/nginx-1.10.0.ebuild
@@ -329,6 +329,9 @@ src_prepare() {
 
 	if use nginx_modules_http_upstream_check; then
 		eapply -p0 "${FILESDIR}/check-1.9.2".patch
+		pushd "${HTTP_UPSTREAM_CHECK_MODULE_WD}" >/dev/null
+		eapply -p1 "${FILESDIR}/check-0.3.0-segfault-on-reload".patch
+		popd >/dev/null
 	fi
 
 	if use nginx_modules_http_lua; then

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Zac Medico]

commit:     88fd6990872130f6e6f60fdbac4fe6d53c0afbd9
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Sat May 14 09:03:41 2016 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Sat May 14 09:05:51 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88fd6990

www-servers/nginx: fix upstream check module segfault for bug 582992

* update module snapshot to fix upstream issue 49, a segfault which
  occurs in the ngx_http_upstream_check_find_shm_peer function

* remove check-0.3.0-segfault-on-reload.patch which is included in
  the new snapshot

Package-Manager: portage-2.2.28

 www-servers/nginx/Manifest                         |  1 +
 .../files/check-0.3.0-segfault-on-reload.patch     | 26 ----------------------
 www-servers/nginx/nginx-1.10.0.ebuild              |  9 +++-----
 3 files changed, 4 insertions(+), 32 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 26d2866..8f597c4 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -27,6 +27,7 @@ DIST ngx_http_push_stream-0.5.1.tar.gz 175263 SHA256 a95f31e80120fd7324795b92a0d
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.1-r1.tar.gz 17166 SHA256 99ec072cca35cd7791e77c40a8ded41a7a8c1111e057be26e55fba2fdf105f43 SHA512 6c1e3776402b6e2cda50d9c48c4b578a85feffe15891c075443f6d9c7b9e2414e0614b50a8f417ddda9faf5f719957c77ade519c88b48caec970fc51fe12f0d1 WHIRLPOOL 12970d0f75ee3f0d8a97c4948b97fca2bd707a93e4e578c0e2ac0d18991986e620dd6b15c2ab5680ff726c0490671e3bc5e1ee6109baf81877d8baa6a5357825
+DIST ngx_http_upstream_check-0.3.0-10-g10782ea.tar.gz 128297 SHA256 a5003e86908086f8607e76cfc01a56d56654982ab02cec918278c261ff1e8363 SHA512 2407d4375d8b94a808eb9e423615af700537b28fc88d37e790fb2a5ecdb02da94e7d1e271a6a81e8a55f8ce11e7db80fdd6de7feca08469dfaa26d717a1075a3 WHIRLPOOL 6b428940a07a7c18ba19cba07f43f1661484905a025f80fcb44908aeaeab9c8e854d3e104fe0339087a2e9029ad4722366c7d0a0fca7c73d92ece6ff2e494206
 DIST ngx_http_upstream_check-0.3.0.tar.gz 136542 SHA256 c543bf427b38643c10dcd1a0c701392bc666708313e7b63f9272396a6cc9a461 SHA512 ca19e8bcae218c639ff59e8f743bd2fb78de2c1f33dfb0de7b7b5ce82ae7ef04488255715e3e0311ebbc8c9741726573ac532cb269052925b0935f349414e959 WHIRLPOOL acee2ea955f87844a724815fc78d0296f23e9d6726551febd6bbff563625e8eadd04213394b6029c45b6036138c4f8957b2621f1b033a6177410fa7778176749
 DIST ngx_memc_module-0.16.tar.gz 38560 SHA256 24f3c3270831aed2d157c01ef74cb26eab26b832971fe7b9f42a03dbfac10ce4 SHA512 e48a864ac9ae627e840b189f33157aa3a1c0966d2bcffd1f93030b0e6f5962355c004737cae0a5a00f2a1cbcb201369c37053f0823bb601618d18ef87561e353 WHIRLPOOL c53decff852790758b3b92ca1d207a5b99b592e708271411699d70dd9683d7f551b469e057f480f66adfdffa1cb1b91b9c7e031835311ac0b6bfab0f444852f9
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868

diff --git a/www-servers/nginx/files/check-0.3.0-segfault-on-reload.patch b/www-servers/nginx/files/check-0.3.0-segfault-on-reload.patch
deleted file mode 100644
index f556aab..0000000
--- a/www-servers/nginx/files/check-0.3.0-segfault-on-reload.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 2a52fbf565d0d5bdc9f25382b5af6e952216831f Mon Sep 17 00:00:00 2001
-From: Dmitry Saprykin <saprykin.dmitry@gmail.com>
-Date: Fri, 5 Dec 2014 11:46:18 +0300
-Subject: [PATCH] * serfault on reload fix
-
----
- ngx_http_upstream_check_module.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ngx_http_upstream_check_module.c b/ngx_http_upstream_check_module.c
-index e2a4030..41aa63a 100644
---- a/ngx_http_upstream_check_module.c
-+++ b/ngx_http_upstream_check_module.c
-@@ -3991,9 +3991,9 @@ ngx_http_upstream_check_find_shm_peer(ngx_http_upstream_check_peers_shm_t *p,
-             continue;
-         }
- 
--        if ((ngx_memcmp(addr->sockaddr, peer_shm->sockaddr, addr->socklen) == 0)
--            && (ngx_strncmp(upstream_name->data, peer_shm->upstream_name->data,
--                            upstream_name->len) == 0)) {
-+        if (ngx_memcmp(addr->sockaddr, peer_shm->sockaddr, addr->socklen) == 0
-+            && upstream_name->len == peer_shm->upstream_name->len
-+            && ngx_strncmp(upstream_name->data, peer_shm->upstream_name->data, upstream_name->len) == 0) {
-             return peer_shm;
-         }
-     }

diff --git a/www-servers/nginx/nginx-1.10.0.ebuild b/www-servers/nginx/nginx-1.10.0.ebuild
index 2058354..43a0eac 100644
--- a/www-servers/nginx/nginx-1.10.0.ebuild
+++ b/www-servers/nginx/nginx-1.10.0.ebuild
@@ -66,10 +66,10 @@ HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/arch
 HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
 
 # http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0"
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
 HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
 HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
 
 # http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
 HTTP_METRICS_MODULE_PV="0.1.1"
@@ -328,10 +328,7 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 
 	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}/check-1.9.2".patch
-		pushd "${HTTP_UPSTREAM_CHECK_MODULE_WD}" >/dev/null
-		eapply -p1 "${FILESDIR}/check-0.3.0-segfault-on-reload".patch
-		popd >/dev/null
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
 	fi
 
 	if use nginx_modules_http_lua; then

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Lars Wendler]

commit:     093003aa3711306e14d4e023ab7d822ed00f6cf4
Author:     Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Tue Jul 19 23:10:01 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 26 09:51:19 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=093003aa

www-servers/nginx: Cleanup

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/nginx/Manifest                      |   1 -
 www-servers/nginx/files/nginx.conf              |  72 ---
 www-servers/nginx/files/nginx.initd-r2          |  89 ---
 www-servers/nginx/files/rtmp-nginx-1.11.0.patch |  39 --
 www-servers/nginx/nginx-1.11.1.ebuild           | 761 ------------------------
 5 files changed, 962 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a6ba11c..fde5d70 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
-DIST nginx-1.11.1.tar.gz 913417 SHA256 5d8dd0197e3ffeb427729c045382182fb28db8e045c635221b2e0e6722821ad0 SHA512 01330a5200b9b5ac5788cd95b2857d2ff87bf0a073a93e3e441b89d19f12137b496e6de67145c04cc74ba88d599a7be96d622f29785e30df23fc8a657adf8b2a WHIRLPOOL e902d408f45eb9168db5a5220275896a072419660505eb45816280f1a2d2150593262d601583d2c34b521fae560fdd237e6609e85bf03a30b7721c10299a207e
 DIST nginx-1.11.2.tar.gz 924979 SHA256 a0327be3e647bdc4a1b3ef98946a8e8fbf258ce8da6bed9a94222b249ae2700a SHA512 56fb66dd7267780acaa186679f3abefcddb3dd7701d0d87518e98c83b62cd171f40e4ce47cec0a42d31181d57856c9ba820ded001975bd50c9c09dcf409b11bf WHIRLPOOL 31de538411e164727cfde081300b0e98eb8dbd3fecdbad73a22672b33b6b23d08b33aa8e238d3b72649c474ef6abf7026a43d06e329b35a1a5a3e9e4ace72c91
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb

diff --git a/www-servers/nginx/files/nginx.conf b/www-servers/nginx/files/nginx.conf
deleted file mode 100644
index 74c015f..0000000
--- a/www-servers/nginx/files/nginx.conf
+++ /dev/null
@@ -1,72 +0,0 @@
-user nginx nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error_log info;
-
-events {
-	worker_connections 1024;
-	use epoll;
-}
-
-http {
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	log_format main
-		'$remote_addr - $remote_user [$time_local] '
-		'"$request" $status $bytes_sent '
-		'"$http_referer" "$http_user_agent" '
-		'"$gzip_ratio"';
-
-	client_header_timeout 10m;
-	client_body_timeout 10m;
-	send_timeout 10m;
-
-	connection_pool_size 256;
-	client_header_buffer_size 1k;
-	large_client_header_buffers 4 2k;
-	request_pool_size 4k;
-
-	gzip on;
-	gzip_min_length 1100;
-	gzip_buffers 4 8k;
-	gzip_types text/plain;
-
-	output_buffers 1 32k;
-	postpone_output 1460;
-
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-
-	keepalive_timeout 75 20;
-
-	ignore_invalid_headers on;
-
-	index index.html;
-
-	server {
-		listen 127.0.0.1;
-		server_name localhost;
-
-		access_log /var/log/nginx/localhost.access_log main;
-		error_log /var/log/nginx/localhost.error_log info;
-
-		root /var/www/localhost/htdocs;
-	}
-
-	# SSL example
-	#server {
-	#	listen 127.0.0.1:443;
-	#	server_name localhost;
-
-	#	ssl on;
-	#	ssl_certificate /etc/ssl/nginx/nginx.pem;
-	#	ssl_certificate_key /etc/ssl/nginx/nginx.key;
-
-	#	access_log /var/log/nginx/localhost.ssl_access_log main;
-	#	error_log /var/log/nginx/localhost.ssl_error_log info;
-
-	#	root /var/www/localhost/htdocs;
-	#}
-}

diff --git a/www-servers/nginx/files/nginx.initd-r2 b/www-servers/nginx/files/nginx.initd-r2
deleted file mode 100644
index 9cd04be..0000000
--- a/www-servers/nginx/files/nginx.initd-r2
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="configtest"
-extra_started_commands="upgrade reload"
-
-description="Robust, small and high performance http and reverse proxy server"
-description_configtest="Run nginx' internal config check."
-description_upgrade="Upgrade the nginx binary without losing connections."
-description_reload="Reload the nginx configuration without losing connections."
-
-nginx_config=${nginx_config:-/etc/nginx/nginx.conf}
-
-command="/usr/sbin/nginx"
-command_args="-c ${nginx_config}"
-pidfile=${pidfile:-/run/nginx.pid}
-user=${user:-nginx}
-group=${group:-nginx}
-
-depend() {
-	need net
-	use dns logger netmount
-}
-
-start_pre() {
-	if [ "${RC_CMD}" != "restart" ]; then
-		configtest || return 1
-	fi
-}
-
-stop_pre() {
-	if [ "${RC_CMD}" = "restart" ]; then
-		configtest || return 1
-	fi
-}
-
-stop_post() {
-	rm -f ${pidfile}
-}
-
-reload() {
-	configtest || return 1
-	ebegin "Refreshing nginx' configuration"
-	kill -HUP `cat ${pidfile}` &>/dev/null
-	eend $? "Failed to reload nginx"
-}
-
-upgrade() {
-	configtest || return 1
-	ebegin "Upgrading nginx"
-
-	einfo "Sending USR2 to old binary"
-	kill -USR2 `cat ${pidfile}` &>/dev/null
-
-	einfo "Sleeping 3 seconds before pid-files checking"
-	sleep 3
-
-	if [ ! -f ${pidfile}.oldbin ]; then
-		eerror "File with old pid not found"
-		return 1
-	fi
-
-	if [ ! -f ${pidfile} ]; then
-		eerror "New binary failed to start"
-		return 1
-	fi
-
-	einfo "Sleeping 3 seconds before WINCH"
-	sleep 3 ; kill -WINCH `cat ${pidfile}.oldbin`
-
-	einfo "Sending QUIT to old binary"
-	kill -QUIT `cat ${pidfile}.oldbin`
-
-	einfo "Upgrade completed"
-	eend $? "Upgrade failed"
-}
-
-configtest() {
-	ebegin "Checking nginx' configuration"
-	${command} -c ${nginx_config} -t -q
-
-	if [ $? -ne 0 ]; then
-		${command} -c ${nginx_config} -t
-	fi
-
-	eend $? "failed, please correct errors above"
-}

diff --git a/www-servers/nginx/files/rtmp-nginx-1.11.0.patch b/www-servers/nginx/files/rtmp-nginx-1.11.0.patch
deleted file mode 100644
index 36c9c03..0000000
--- a/www-servers/nginx/files/rtmp-nginx-1.11.0.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 965523f3970e449e3abbaa6c9b0db1ce251f2b68 Mon Sep 17 00:00:00 2001
-From: RocFang <fangpeng1986@gmail.com>
-Date: Mon, 30 May 2016 22:56:16 +0800
-Subject: [PATCH] compile with nginx-1.11.0
-
-From https://github.com/arut/nginx-rtmp-module/issues/820
-
----
- ngx_rtmp_core_module.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/ngx_rtmp_core_module.c b/ngx_rtmp_core_module.c
-index 643702f..567f011 100644
---- a/ngx_rtmp_core_module.c
-+++ b/ngx_rtmp_core_module.c
-@@ -557,7 +557,11 @@ ngx_rtmp_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-             break;
-         }
- 
-+#if (nginx_version >= 1011000)
-+        if (ngx_memcmp(ls[i].sockaddr + off, &u.sockaddr + off, len) != 0) {
-+#else
-         if (ngx_memcmp(ls[i].sockaddr + off, u.sockaddr + off, len) != 0) {
-+#endif
-             continue;
-         }
- 
-@@ -577,7 +581,11 @@ ngx_rtmp_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
- 
-     ngx_memzero(ls, sizeof(ngx_rtmp_listen_t));
- 
-+#if (nginx_version >= 1011000)
-+    ngx_memcpy(ls->sockaddr, &u.sockaddr, u.socklen);
-+#else
-     ngx_memcpy(ls->sockaddr, u.sockaddr, u.socklen);
-+#endif
- 
-     ls->socklen = u.socklen;
-     ls->wildcard = u.wildcard;

diff --git a/www-servers/nginx/nginx-1.11.1.ebuild b/www-servers/nginx/nginx-1.11.1.ebuild
deleted file mode 100644
index 451b271..0000000
--- a/www-servers/nginx/nginx-1.11.1.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.30"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.0"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.5"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.7"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.59"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_ajp
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-
-	if use rtmp; then
-		cd "${RTMP_MODULE_WD}" || die
-		eapply "${FILESDIR}"/rtmp-nginx-1.11.0.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN}" "--group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Lars Wendler]

commit:     0e2ac3575abbbc0493bb2d8dff24cb00a3b9f970
Author:     Thomas Deutschmann <whissi <AT> whissi <DOT> de>
AuthorDate: Tue Jul 19 23:03:02 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 26 09:51:17 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e2ac357

www-servers/nginx: Bump to v1.11.2 (bug #588816)

Bug: https://bugs.gentoo.org/588816
Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 www-servers/nginx/Manifest                         |   2 +
 .../nginx/files/http-sticky-nginx-1.11.2.patch     |  64 ++
 www-servers/nginx/nginx-1.11.2.ebuild              | 761 +++++++++++++++++++++
 3 files changed, 827 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 2932c5a..a6ba11c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,7 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
 DIST nginx-1.11.1.tar.gz 913417 SHA256 5d8dd0197e3ffeb427729c045382182fb28db8e045c635221b2e0e6722821ad0 SHA512 01330a5200b9b5ac5788cd95b2857d2ff87bf0a073a93e3e441b89d19f12137b496e6de67145c04cc74ba88d599a7be96d622f29785e30df23fc8a657adf8b2a WHIRLPOOL e902d408f45eb9168db5a5220275896a072419660505eb45816280f1a2d2150593262d601583d2c34b521fae560fdd237e6609e85bf03a30b7721c10299a207e
+DIST nginx-1.11.2.tar.gz 924979 SHA256 a0327be3e647bdc4a1b3ef98946a8e8fbf258ce8da6bed9a94222b249ae2700a SHA512 56fb66dd7267780acaa186679f3abefcddb3dd7701d0d87518e98c83b62cd171f40e4ce47cec0a42d31181d57856c9ba820ded001975bd50c9c09dcf409b11bf WHIRLPOOL 31de538411e164727cfde081300b0e98eb8dbd3fecdbad73a22672b33b6b23d08b33aa8e238d3b72649c474ef6abf7026a43d06e329b35a1a5a3e9e4ace72c91
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
@@ -20,3 +21,4 @@ DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a9
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5
+DIST ngx_rtmp-1.1.8.tar.gz 519647 SHA256 de5866111a5b18c9dfb1c10f3a0e84b56af77f7005a41807368f7769b8a50965 SHA512 554249b1b8bb70952a0585dcc5c55c70daa63f2eba5ef35f8b1a4932fdfd6c95b0a48739857ba8dcab08ff1e91d048f3dc43bf65250890fd7a679cdabfed880a WHIRLPOOL a8cd4361419fbae97f199d788078c62ffc442158d0338aa677e5d6d21fb27a336da85e901ee6463ff6b33201092575237d5b6f20a1d80d924ac6591cbb75c9d7

diff --git a/www-servers/nginx/files/http-sticky-nginx-1.11.2.patch b/www-servers/nginx/files/http-sticky-nginx-1.11.2.patch
new file mode 100644
index 0000000..498bf22
--- /dev/null
+++ b/www-servers/nginx/files/http-sticky-nginx-1.11.2.patch
@@ -0,0 +1,64 @@
+Fix compilation issue with nginx-1.11.2
+
+https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/issues/26/not-compile-nginx-1112
+
+diff --git a/ngx_http_sticky_misc.c b/ngx_http_sticky_misc.c
+index 4aadd4b..0a3548c 100644
+--- a/ngx_http_sticky_misc.c
++++ b/ngx_http_sticky_misc.c
+@@ -16,10 +16,15 @@
+   #define ngx_str_set(str, text) (str)->len = sizeof(text) - 1; (str)->data = (u_char *) text
+ #endif
+ 
++/* - fix for 1.11.2 removes include <openssl/md5.h> in ngx_md5.h */
++#define MD5_CBLOCK  64
++#define MD5_LBLOCK  (MD5_CBLOCK/4)
++#define MD5_DIGEST_LENGTH 16
++
+ // /* - bugfix for compiling on sles11 - needs gcc4.6 or later*/
+-// #pragma GCC diagnostic ignored "-Wuninitialized" 
++// #pragma GCC diagnostic ignored "-Wuninitialized"
+ 
+-static ngx_int_t cookie_expires(char *str, size_t size, time_t t) 
++static ngx_int_t cookie_expires(char *str, size_t size, time_t t)
+ {
+   char *months[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+   char *wdays[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+@@ -75,7 +80,7 @@ ngx_int_t ngx_http_sticky_misc_set_cookie(ngx_http_request_t *r, ngx_str_t *name
+     len += sizeof("; HttpOnly") - 1;
+   }
+ 
+-  cookie = ngx_pnalloc(r->pool, len); 
++  cookie = ngx_pnalloc(r->pool, len);
+   if (cookie == NULL) {
+     return NGX_ERROR;
+   }
+@@ -85,7 +90,7 @@ ngx_int_t ngx_http_sticky_misc_set_cookie(ngx_http_request_t *r, ngx_str_t *name
+   p = ngx_copy(p, value->data, value->len);
+ 
+   if (domain->len > 0) {
+-    p = ngx_copy(p, "; Domain=", sizeof("; Domain=") - 1);  
++    p = ngx_copy(p, "; Domain=", sizeof("; Domain=") - 1);
+     p = ngx_copy(p, domain->data, domain->len);
+   }
+ 
+@@ -95,16 +100,16 @@ ngx_int_t ngx_http_sticky_misc_set_cookie(ngx_http_request_t *r, ngx_str_t *name
+   }
+ 
+   if (path->len > 0) {
+-    p = ngx_copy(p, "; Path=", sizeof("; Path=") - 1);  
++    p = ngx_copy(p, "; Path=", sizeof("; Path=") - 1);
+     p = ngx_copy(p, path->data, path->len);
+   }
+ 
+   if (secure) {
+-    p = ngx_copy(p, "; Secure", sizeof("; Secure") - 1);  
++    p = ngx_copy(p, "; Secure", sizeof("; Secure") - 1);
+   }
+ 
+   if (httponly) {
+-    p = ngx_copy(p, "; HttpOnly", sizeof("; HttpOnly") - 1);  
++    p = ngx_copy(p, "; HttpOnly", sizeof("; HttpOnly") - 1);
+   }
+ 
+   part = &r->headers_out.headers.part;

diff --git a/www-servers/nginx/nginx-1.11.2.ebuild b/www-servers/nginx/nginx-1.11.2.ebuild
new file mode 100644
index 0000000..9bfdddd
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.2.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.30"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.0"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.5"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.54"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.8"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.59"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+
+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM="access limit_conn upstream"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_ajp
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( >=dev-libs/libpcre-4.2 )
+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+
+	if use nginx_modules_http_sticky; then
+		cd "${HTTP_STICKY_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+		./configure \
+			--enable-standalone-module \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+	fi
+
+	cd "${S}" || die
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use ipv6      && myconf+=( --with-ipv6 )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			# Treat stream upstream slightly differently
+			if ! use nginx_modules_stream_upstream; then
+				myconf+=( --without-stream_upstream_hash_module )
+				myconf+=( --without-stream_upstream_least_conn_module )
+				myconf+=( --without-stream_upstream_zone_module )
+			else
+				myconf+=( --without-stream_${mod}_module )
+			fi
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN}" "--group=${PN} )
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     77945d7d197a90163f20bb183e71538c40fd7f8b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 22:13:12 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 22:13:35 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77945d7d

www-servers/nginx: Cleanup

Removing previous ebuilds with incomplete HTTPoxy mitigation.

Package-Manager: portage-2.3.0

 www-servers/nginx/Manifest                         |   1 -
 .../nginx/files/nginx-httpoxy-mitigation.patch     |  33 -
 www-servers/nginx/nginx-1.10.1-r1.ebuild           | 768 --------------------
 www-servers/nginx/nginx-1.11.2.ebuild              | 774 --------------------
 www-servers/nginx/nginx-1.11.3.ebuild              | 782 ---------------------
 5 files changed, 2358 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index a721492..da1e09c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
-DIST nginx-1.11.2.tar.gz 924979 SHA256 a0327be3e647bdc4a1b3ef98946a8e8fbf258ce8da6bed9a94222b249ae2700a SHA512 56fb66dd7267780acaa186679f3abefcddb3dd7701d0d87518e98c83b62cd171f40e4ce47cec0a42d31181d57856c9ba820ded001975bd50c9c09dcf409b11bf WHIRLPOOL 31de538411e164727cfde081300b0e98eb8dbd3fecdbad73a22672b33b6b23d08b33aa8e238d3b72649c474ef6abf7026a43d06e329b35a1a5a3e9e4ace72c91
 DIST nginx-1.11.3.tar.gz 938045 SHA256 4a667f40f9f3917069db1dea1f2d5baa612f1fa19378aadf71502e846a424610 SHA512 b983aca61335facf5778675b80fc28341ec9cfee2190319ed130b9c5d5ceff8133677f4609ecafd5a782daa5962e41bb6cb6a857380bbbe9cee67cd0ab2026d4 WHIRLPOOL f197bc4f5e1ed234b26d625db5bf665a24c09da316e3cae3c0f394f0b4db116acad5db15add7fd92b5fe1428f95449538584f57272f8bad89b912fb38fbb2c7d
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
 DIST nginx_http_sticky_module_ng-1.2.6.tar.bz2 124089 SHA256 e47b9fd435d7a5a3200f945a9745aaa7b9446495bda76df48f211129f88d6b26 SHA512 2632b04c94f523aa7c9726db182cba11d83e642c2db5798274e67fbef30de95d02e4e95cbfb98bc429d4244d630b5d9617405b43f728ae0117a5c134940c0ded WHIRLPOOL 1b754c02f834c6b4d4930e9c46b8c5accb6c9663718fb9296c92d79bc33206e66e49e4234ca4db9a5afcd42fa23273bdf0e675aa7b38927c4e46a85318c189eb

diff --git a/www-servers/nginx/files/nginx-httpoxy-mitigation.patch b/www-servers/nginx/files/nginx-httpoxy-mitigation.patch
deleted file mode 100644
index 7e9618b..0000000
--- a/www-servers/nginx/files/nginx-httpoxy-mitigation.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-httpoxy mitigation
-
-See https://httpoxy.org/ and https://www.nginx.com/blog/?p=41962 for details.
----
- conf/fastcgi.conf   | 3 +++
- conf/fastcgi_params | 3 +++
- 2 files changed, 6 insertions(+)
-
-diff --git a/conf/fastcgi.conf b/conf/fastcgi.conf
-index 091738c..9f7e192 100644
---- a/conf/fastcgi.conf
-+++ b/conf/fastcgi.conf
-@@ -24,3 +24,6 @@ fastcgi_param  SERVER_NAME        $server_name;
- 
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param  REDIRECT_STATUS    200;
-+
-+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
-+fastcgi_param  HTTP_PROXY         "";
-diff --git a/conf/fastcgi_params b/conf/fastcgi_params
-index 28decb9..3be3a95 100644
---- a/conf/fastcgi_params
-+++ b/conf/fastcgi_params
-@@ -23,3 +23,6 @@ fastcgi_param  SERVER_NAME        $server_name;
- 
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param  REDIRECT_STATUS    200;
-+
-+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
-+fastcgi_param  HTTP_PROXY         "";
--- 
-2.9.2
-

diff --git a/www-servers/nginx/nginx-1.10.1-r1.ebuild b/www-servers/nginx/nginx-1.10.1-r1.ebuild
deleted file mode 100644
index 825a13b..0000000
--- a/www-servers/nginx/nginx-1.10.1-r1.ebuild
+++ /dev/null
@@ -1,768 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.30"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.0"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.5"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.8"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.59"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-
-	# HTTPoxy mitigation
-	ewarn ""
-	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
-	ewarn "parameter to an empty string per default when you are sourcing the default"
-	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
-	ewarn ""
-	ewarn "If this is causing any problems for you make sure that you are sourcing the"
-	ewarn "default parameters _before_ you set your own values."
-	ewarn "If you are relying on user-supplied proxy values you have to remove the"
-	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
-}

diff --git a/www-servers/nginx/nginx-1.11.2.ebuild b/www-servers/nginx/nginx-1.11.2.ebuild
deleted file mode 100644
index 0c5275a..0000000
--- a/www-servers/nginx/nginx-1.11.2.ebuild
+++ /dev/null
@@ -1,774 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.30"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.0"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.5"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.8"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.59"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation.patch"
-
-	if use nginx_modules_http_sticky; then
-		cd "${HTTP_STICKY_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-
-	# HTTPoxy mitigation
-	ewarn ""
-	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
-	ewarn "parameter to an empty string per default when you are sourcing the default"
-	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
-	ewarn ""
-	ewarn "If this is causing any problems for you make sure that you are sourcing the"
-	ewarn "default parameters _before_ you set your own values."
-	ewarn "If you are relying on user-supplied proxy values you have to remove the"
-	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
-}

diff --git a/www-servers/nginx/nginx-1.11.3.ebuild b/www-servers/nginx/nginx-1.11.3.ebuild
deleted file mode 100644
index 14d8bdc..0000000
--- a/www-servers/nginx/nginx-1.11.3.ebuild
+++ /dev/null
@@ -1,782 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.30"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.0"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.5"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.8"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.59"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation.patch"
-	eapply "${FILESDIR}/${PN}-1.11.3-fix-build-without-stream_ssl_module.patch"
-
-	if use nginx_modules_http_sticky; then
-		cd "${HTTP_STICKY_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS}; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-
-	# HTTPoxy mitigation
-	ewarn ""
-	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
-	ewarn "parameter to an empty string per default when you are sourcing the default"
-	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
-	ewarn ""
-	ewarn "If this is causing any problems for you make sure that you are sourcing the"
-	ewarn "default parameters _before_ you set your own values."
-	ewarn "If you are relying on user-supplied proxy values you have to remove the"
-	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     d2b1f12c9d19386a8c4e14a5940661b06bb126da
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 12 19:47:33 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Oct 12 19:48:08 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2b1f12c

www-servers/nginx: Drop old

Package-Manager: portage-2.3.2

 www-servers/nginx/Manifest                         |   2 -
 ....11.3-fix-build-without-stream_ssl_module.patch |  30 -
 www-servers/nginx/nginx-1.10.1-r2.ebuild           | 768 --------------------
 www-servers/nginx/nginx-1.11.3-r1.ebuild           | 782 ---------------------
 www-servers/nginx/nginx-1.11.3-r2.ebuild           | 782 ---------------------
 5 files changed, 2364 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6053301..af7423c 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,6 +1,5 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 SHA512 fa1329d40e83340380332dd5e2ed66f08dd59cc7f7582dd0e0193c493353ba550e80dc80e5165c225d70532d4197abc49cc8c760e8ab72e48f630cb57c2803e1 WHIRLPOOL 6942f70c3279a28bd8d664d085dee68bf0d0526c8dcb636f3258c9de598268efc984af72e527efd86889bd13911b38b0bdb2de1e92eef69cabd02f7080f64eb6
-DIST nginx-1.11.3.tar.gz 938045 SHA256 4a667f40f9f3917069db1dea1f2d5baa612f1fa19378aadf71502e846a424610 SHA512 b983aca61335facf5778675b80fc28341ec9cfee2190319ed130b9c5d5ceff8133677f4609ecafd5a782daa5962e41bb6cb6a857380bbbe9cee67cd0ab2026d4 WHIRLPOOL f197bc4f5e1ed234b26d625db5bf665a24c09da316e3cae3c0f394f0b4db116acad5db15add7fd92b5fe1428f95449538584f57272f8bad89b912fb38fbb2c7d
 DIST nginx-1.11.4.tar.gz 949793 SHA256 06221c1f43f643bc6bfe5b2c26d19e09f2588d5cde6c65bdb77dfcce7c026b3b SHA512 c6a03c440a274576434aa74932b3fa7cd49174d9e2d8c6e480838637f33f158e31b6f25cac97e158f386bb92f62ff9636c2d3ac1a552e27a860eb9448e2f3f94 WHIRLPOOL 53c371cb34bc55f28d0a0915e08a4fdeffcfcbc8571628db086e0a75627c926693f2faba8608f0c444bc79df244b7f321e6017eda0eb7710d2ccb6f25aac8b75
 DIST nginx-1.11.5.tar.gz 956517 SHA256 223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6 SHA512 f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c WHIRLPOOL fba49ae277ec2114b06eb0fdce87161ac7bd3e0ca90387dc58caf327c5f12056be07eeba677ff37c59e7d759054ec276ce4db647250774c57588619a1803592c
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
@@ -32,5 +31,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.1.10.tar.gz 519877 SHA256 f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c SHA512 bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f WHIRLPOOL 655f4dcb02f928698ae14d29e5b7f60ad3fd71c757d67f1930c695a3501054d124a92f7ada7d4e605204f1e73e0779cad0b60102bc98d64764535581db0b1867
 DIST ngx_rtmp-1.1.7.tar.gz 519735 SHA256 7922b0e3d5f3d9c4b275e4908cfb8f5fb1bfb3ac2df77f4c262cda56df21aab3 SHA512 9883462a04683f1e7af175da04b86d259ff6d677864667588fb073143f7130969eb2a5a5a48ddceda7a555b908580f179bdcacb7f0111413d51db5bfe43b396e WHIRLPOOL e9c1fc9c3c965ae7047657f76e0997d5da107aff7dd9e5cf3ddb5a2d8f388efd8439b82923e199dc36def449567b8529e06c80f69c36f42128236ac0be5719d5
-DIST ngx_rtmp-1.1.8.tar.gz 519647 SHA256 de5866111a5b18c9dfb1c10f3a0e84b56af77f7005a41807368f7769b8a50965 SHA512 554249b1b8bb70952a0585dcc5c55c70daa63f2eba5ef35f8b1a4932fdfd6c95b0a48739857ba8dcab08ff1e91d048f3dc43bf65250890fd7a679cdabfed880a WHIRLPOOL a8cd4361419fbae97f199d788078c62ffc442158d0338aa677e5d6d21fb27a336da85e901ee6463ff6b33201092575237d5b6f20a1d80d924ac6591cbb75c9d7
 DIST ngx_rtmp-1.1.9.tar.gz 519807 SHA256 46d914e3ba1f4c2353c1ef01a7423305255cb78226c84fac419586f849b7ea55 SHA512 888c268eb0371649e9bf971462e20472f819946f49ef5e50af97d0590a03df6d37c1fa8016eb7ea81faa0c212c429618d399102f513b029c66226d48e444f70c WHIRLPOOL 94fc496b059549a56338cd51e0bbf9a3b11b10640e1ef83e1e7cdb2845dfecde012e0951003665e02bff4ef45870b78e399d4194997cb082647dbcd638cc9716

diff --git a/www-servers/nginx/files/nginx-1.11.3-fix-build-without-stream_ssl_module.patch b/www-servers/nginx/files/nginx-1.11.3-fix-build-without-stream_ssl_module.patch
deleted file mode 100644
index 6163730..00000000
--- a/www-servers/nginx/files/nginx-1.11.3-fix-build-without-stream_ssl_module.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-
-# HG changeset patch
-# User Vladimir Homutov <vl@nginx.com>
-# Date 1469550852 -10800
-# Node ID d43ee392e825186545d81e683b88cc58ef8479bc
-# Parent  0b4249f975eba48c17b69c5e225fd12b470c0184
-Stream: fixed build without stream_ssl_module (ticket #1032).
-
-diff -r 0b4249f975eb -r d43ee392e825 src/stream/ngx_stream_proxy_module.c
---- a/src/stream/ngx_stream_proxy_module.c	Tue Jul 26 19:07:18 2016 +0300
-+++ b/src/stream/ngx_stream_proxy_module.c	Tue Jul 26 19:34:12 2016 +0300
-@@ -538,7 +538,7 @@
-         return;
-     }
- 
--#if (NGX_HTTP_SSL)
-+#if (NGX_STREAM_SSL)
-     u->ssl_name = uscf->host;
- #endif
- 
-@@ -1157,7 +1157,7 @@
-     u = s->upstream;
-     ur = u->resolved;
- 
--    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, s->connection->log, 0,
-+    ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
-                    "stream upstream resolve");
- 
-     if (ctx->state) {
-

diff --git a/www-servers/nginx/nginx-1.10.1-r2.ebuild b/www-servers/nginx/nginx-1.10.1-r2.ebuild
deleted file mode 100644
index a320bc8..00000000
--- a/www-servers/nginx/nginx-1.10.1-r2.ebuild
+++ /dev/null
@@ -1,768 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.30"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.0"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.5"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.8"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.59"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS} ; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-
-	# HTTPoxy mitigation
-	ewarn ""
-	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
-	ewarn "parameter to an empty string per default when you are sourcing the default"
-	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
-	ewarn ""
-	ewarn "If this is causing any problems for you make sure that you are sourcing the"
-	ewarn "default parameters _before_ you set your own values."
-	ewarn "If you are relying on user-supplied proxy values you have to remove the"
-	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
-}

diff --git a/www-servers/nginx/nginx-1.11.3-r1.ebuild b/www-servers/nginx/nginx-1.11.3-r1.ebuild
deleted file mode 100644
index 1e280aa..00000000
--- a/www-servers/nginx/nginx-1.11.3-r1.ebuild
+++ /dev/null
@@ -1,782 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.1"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.30"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.0"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.5"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.8"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.59"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-	eapply "${FILESDIR}/${PN}-1.11.3-fix-build-without-stream_ssl_module.patch"
-
-	if use nginx_modules_http_sticky; then
-		cd "${HTTP_STICKY_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/{Changes,README.markdown}
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS}; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-
-	# HTTPoxy mitigation
-	ewarn ""
-	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
-	ewarn "parameter to an empty string per default when you are sourcing the default"
-	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
-	ewarn ""
-	ewarn "If this is causing any problems for you make sure that you are sourcing the"
-	ewarn "default parameters _before_ you set your own values."
-	ewarn "If you are relying on user-supplied proxy values you have to remove the"
-	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
-}

diff --git a/www-servers/nginx/nginx-1.11.3-r2.ebuild b/www-servers/nginx/nginx-1.11.3-r2.ebuild
deleted file mode 100644
index 883918d..00000000
--- a/www-servers/nginx/nginx-1.11.3-r2.ebuild
+++ /dev/null
@@ -1,782 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.31"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.6"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-g10782ea"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-10782eaff51872a8f44e65eed89bbe286004bcb1"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.54"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.9"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="dbcef31bebb2d54b6120422d0b178bbf78bc48f7"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="http://nginx.org"
-SRC_URI="http://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( >=dev-libs/libpcre-4.2 )
-	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )
-	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-	eapply "${FILESDIR}/${PN}-1.11.3-fix-build-without-stream_ssl_module.patch"
-
-	if use nginx_modules_http_sticky; then
-		cd "${HTTP_STICKY_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http-sticky-nginx-1.11.2.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-		./configure \
-			--enable-standalone-module \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
-
-	cd "${S}" || die
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 /var/log/nginx ${keepdir_list}
-	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
-	# existing installations
-	local fix_perms=0
-
-	for rv in ${REPLACING_VERSIONS}; do
-		version_compare ${rv} 1.4.1-r2
-		[[ $? -eq 1 ]] && fix_perms=1
-	done
-
-	if [[ $fix_perms -eq 1 ]] ; then
-		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
-		ewarn "directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/var/log/nginx"
-		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-		ewarn "Check if this is correct for your setup before restarting nginx!"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
-		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
-	fi
-
-	# If the nginx user can't change into or read the dir, display a warning.
-	# If su is not available we display the warning nevertheless since we can't check properly
-	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
-	if [ $? -ne 0 ] ; then
-		ewarn "Please make sure that the nginx user or group has at least"
-		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
-		ewarn "Otherwise you end up with empty log files after a logrotate."
-	fi
-
-	# HTTPoxy mitigation
-	ewarn ""
-	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
-	ewarn "parameter to an empty string per default when you are sourcing the default"
-	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
-	ewarn ""
-	ewarn "If this is causing any problems for you make sure that you are sourcing the"
-	ewarn "default parameters _before_ you set your own values."
-	ewarn "If you are relying on user-supplied proxy values you have to remove the"
-	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     d85eb428d817a74efc8fd47d54ceb4e02564b6e2
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 14:37:20 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 14:38:02 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d85eb428

www-servers/nginx: Fix building of uploadprogress module; Add autotools depedencies

Ebuild changes:
===============
- Since nginx-upload-progress-module was bumped to v0.9.2 (commit
  f03aacc3dc) the module was only build as dynamic module so it wasn't
  useable in Gentoo. This is now fixed. (Bug #593450)

- Cherry-picked a patch for cURL detection in Mod_Security

- Added autotools depedencies (only necessary when you build
  nginx_modules_http_security)

Gentoo-Bug: https://bugs.gentoo.org/593450

Package-Manager: portage-2.3.2

 .../nginx/files/http_security-pr_1158.patch        | 103 +++++++++++++++++++++
 .../nginx/files/http_uploadprogress-issue_50.patch |  32 +++++++
 ...{nginx-1.10.2.ebuild => nginx-1.10.2-r1.ebuild} |  36 +++++--
 ...{nginx-1.11.5.ebuild => nginx-1.11.5-r1.ebuild} |  36 +++++--
 4 files changed, 191 insertions(+), 16 deletions(-)

diff --git a/www-servers/nginx/files/http_security-pr_1158.patch b/www-servers/nginx/files/http_security-pr_1158.patch
new file mode 100644
index 00000000..92f1094
--- /dev/null
+++ b/www-servers/nginx/files/http_security-pr_1158.patch
@@ -0,0 +1,103 @@
+From 2fa8ffea68498e02005e85c27e61bde30718ae3b Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@whissi.de>
+Date: Sat, 11 Jun 2016 16:18:17 +0200
+Subject: [PATCH 1/2] configure: Fix detection whether libcurl is linked
+ against gnutls
+
+The find_curl macro is also checking whether libcurl is linked against
+gnutls. However the check depends on "CURL_LIBS" which wasn't defined
+by the macro.
+
+This commit will define "CURL_LIBS" so that the check works as expected.
+---
+ build/find_curl.m4 | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build/find_curl.m4 b/build/find_curl.m4
+index 6b23ad6..3310e40 100644
+--- a/build/find_curl.m4
++++ b/build/find_curl.m4
+@@ -2,6 +2,7 @@ dnl Check for CURL Libraries
+ dnl CHECK_CURL(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
+ dnl Sets:
+ dnl  CURL_CFLAGS
++dnl  CURL_LDADD
+ dnl  CURL_LIBS
+ 
+ CURL_CONFIG=""
+@@ -57,7 +58,8 @@ if test -n "${curl_path}"; then
+     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(curl VERSION: $CURL_VERSION); fi
+     CURL_CFLAGS="`${CURL_CONFIG} --cflags`"
+     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(curl CFLAGS: $CURL_CFLAGS); fi
+-    CURL_LDADD="`${CURL_CONFIG} --libs`"
++    CURL_LIBS="`${CURL_CONFIG} --libs`"
++    CURL_LDADD="${CURL_LIBS}"
+     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(curl LDADD: $CURL_LIBS); fi
+ 
+     dnl # Check version is ok
+
+From 67f98e7da04251a40a0172e3dfac2c5a6ac6f7dd Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@whissi.de>
+Date: Sat, 11 Jun 2016 16:48:58 +0200
+Subject: [PATCH 2/2] configure: Move verbose_output declaration up to the
+ beginning
+
+Macros like "find_curl" are using "verbose_output" variable but because some
+of them are called before we define the variable we are seeing errors like
+
+  ./configure: line 13855: test: : integer expression expected
+
+This commit will fix the problem by moving the "verbose_output" declaration
+up to the beginning so that the variable is available for every macro.
+---
+ configure.ac | 30 ++++++++++++++++--------------
+ 1 file changed, 16 insertions(+), 14 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 7517885..0f32b01 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -70,6 +70,22 @@ AC_SUBST(MSC_REGRESSION_DOCROOT_DIR)
+ 
+ ### Configure Options
+ 
++# Verbose output
++AC_ARG_ENABLE(verbose-output,
++              AS_HELP_STRING([--enable-verbose-output],
++                             [Enable more verbose configure output.]),
++[
++  if test "$enableval" != "no"; then
++    verbose_output=1
++  else
++    verbose_output=0
++  fi
++],
++[
++  verbose_output=0
++])
++
++
+ #OS type
+ 
+ AC_CANONICAL_HOST
+@@ -410,20 +426,6 @@ AC_ARG_ENABLE(errors,
+   report_errors=1
+ ])
+ 
+-# Verbose output
+-AC_ARG_ENABLE(verbose-output,
+-              AS_HELP_STRING([--enable-verbose-output],
+-                             [Enable more verbose configure output.]),
+-[
+-  if test "$enableval" != "no"; then
+-    verbose_output=1
+-  else
+-    verbose_output=0
+-  fi
+-],
+-[
+-  verbose_output=0
+-])
+ 
+ # Strict Compile
+ AC_ARG_ENABLE(strict-compile,

diff --git a/www-servers/nginx/files/http_uploadprogress-issue_50.patch b/www-servers/nginx/files/http_uploadprogress-issue_50.patch
new file mode 100644
index 00000000..3347c5b
--- /dev/null
+++ b/www-servers/nginx/files/http_uploadprogress-issue_50.patch
@@ -0,0 +1,32 @@
+From edd7e026fa992f58b04ea9d00b56239f37b3e320 Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@whissi.de>
+Date: Wed, 19 Oct 2016 15:05:27 +0200
+Subject: [PATCH] config: Only build as dynamic module when really requested
+
+Since commit 37182ce2f3b6 the module was always build as dynamic module.
+Probably because following a bad skeleton [1].
+
+With this change we will only build a dynamic module when requested. Otherwise
+we will fall back to static build.
+
+Link: https://trac.nginx.org/nginx/ticket/1115
+Gentoo-Bug: https://bugs.gentoo.org/593450
+Fixes: https://github.com/masterzen/nginx-upload-progress-module/issues/50
+---
+ config | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config b/config
+index 364af8c..d704460 100644
+--- a/config
++++ b/config
+@@ -1,5 +1,5 @@
+ ngx_addon_name=ngx_http_uploadprogress_module
+-if test -n "$ngx_module_link"; then
++if [ $ngx_module_link = DYNAMIC ] ; then
+     ngx_module_type=FILTER
+     ngx_module_name=ngx_http_uploadprogress_module
+     ngx_module_srcs="$ngx_addon_dir/ngx_http_uploadprogress_module.c"
+-- 
+2.10.1
+

diff --git a/www-servers/nginx/nginx-1.10.2.ebuild b/www-servers/nginx/nginx-1.10.2-r1.ebuild
similarity index 98%
rename from www-servers/nginx/nginx-1.10.2.ebuild
rename to www-servers/nginx/nginx-1.10.2-r1.ebuild
index f5a4f5e..c649333 100644
--- a/www-servers/nginx/nginx-1.10.2.ebuild
+++ b/www-servers/nginx/nginx-1.10.2-r1.ebuild
@@ -140,8 +140,9 @@ HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 
 # We handle deps below ourselves
 SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
 
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
 HOMEPAGE="http://nginx.org"
@@ -276,6 +277,7 @@ RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
 	!www-servers/nginx:mainline"
 DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
 	arm? ( dev-libs/libatomic_ops )
 	libatomic? ( dev-libs/libatomic_ops )"
 PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
@@ -334,6 +336,28 @@ src_prepare() {
 		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
 	fi
 
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50.patch
+		cd "${S}" || die
+	fi
+
 	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
 	# We have config protection, don't rename etc files
 	sed -i 's:.default::' auto/install || die
@@ -355,20 +379,16 @@ src_configure() {
 	# mod_security needs to generate nginx/modsecurity/config before including it
 	if use nginx_modules_http_security; then
 		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
+
 		./configure \
 			--enable-standalone-module \
 			--disable-mlogc \
 			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
 
-	cd "${S}" || die
+		cd "${S}" || die
+	fi
 
 	local myconf=() http_enabled= mail_enabled= stream_enabled=
 

diff --git a/www-servers/nginx/nginx-1.11.5.ebuild b/www-servers/nginx/nginx-1.11.5-r1.ebuild
similarity index 98%
rename from www-servers/nginx/nginx-1.11.5.ebuild
rename to www-servers/nginx/nginx-1.11.5-r1.ebuild
index c5ed9be..46c24d3 100644
--- a/www-servers/nginx/nginx-1.11.5.ebuild
+++ b/www-servers/nginx/nginx-1.11.5-r1.ebuild
@@ -140,8 +140,9 @@ HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 
 # We handle deps below ourselves
 SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
 
-inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
 HOMEPAGE="http://nginx.org"
@@ -283,6 +284,7 @@ RDEPEND="${CDEPEND}
 	selinux? ( sec-policy/selinux-nginx )
 	!www-servers/nginx:0"
 DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
 	arm? ( dev-libs/libatomic_ops )
 	libatomic? ( dev-libs/libatomic_ops )"
 PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
@@ -342,6 +344,28 @@ src_prepare() {
 		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
 	fi
 
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50.patch
+		cd "${S}" || die
+	fi
+
 	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
 	# We have config protection, don't rename etc files
 	sed -i 's:.default::' auto/install || die
@@ -363,20 +387,16 @@ src_configure() {
 	# mod_security needs to generate nginx/modsecurity/config before including it
 	if use nginx_modules_http_security; then
 		cd "${HTTP_SECURITY_MODULE_WD}" || die
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
+
 		./configure \
 			--enable-standalone-module \
 			--disable-mlogc \
 			--with-ssdeep=no \
 			$(use_enable pcre-jit) \
 			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-	fi
 
-	cd "${S}" || die
+		cd "${S}" || die
+	fi
 
 	local myconf=() http_enabled= mail_enabled= stream_enabled=
 

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     91414fcbaefc2c8c9cb7f4db7fdeda9127452257
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 21:33:48 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 21:48:52 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91414fcb

www-servers/nginx: Bump to v1.11.6 mainline

Ebuild changes:
===============
 - ngx_headers_more module updated to v0.32

 - LUA module updated to v0.10.7

 - Patch for ngx_memc added to solve a build issue with
   latest nginx [Link 1]

Link 1: https://github.com/openresty/memc-nginx-module/issues/26

Package-Manager: portage-2.3.2

 www-servers/nginx/Manifest                         |   3 +
 .../nginx/files/http_memc-0.17-issue_26.patch      |  40 +
 www-servers/nginx/nginx-1.11.6.ebuild              | 815 +++++++++++++++++++++
 3 files changed, 858 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b76141c..9c0b9aa 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -3,6 +3,7 @@ DIST nginx-1.10.1.tar.gz 909077 SHA256 1fd35846566485e03c0e318989561c135c598323f
 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
 DIST nginx-1.11.4.tar.gz 949793 SHA256 06221c1f43f643bc6bfe5b2c26d19e09f2588d5cde6c65bdb77dfcce7c026b3b SHA512 c6a03c440a274576434aa74932b3fa7cd49174d9e2d8c6e480838637f33f158e31b6f25cac97e158f386bb92f62ff9636c2d3ac1a552e27a860eb9448e2f3f94 WHIRLPOOL 53c371cb34bc55f28d0a0915e08a4fdeffcfcbc8571628db086e0a75627c926693f2faba8608f0c444bc79df244b7f321e6017eda0eb7710d2ccb6f25aac8b75
 DIST nginx-1.11.5.tar.gz 956517 SHA256 223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6 SHA512 f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c WHIRLPOOL fba49ae277ec2114b06eb0fdce87161ac7bd3e0ca90387dc58caf327c5f12056be07eeba677ff37c59e7d759054ec276ce4db647250774c57588619a1803592c
+DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx-auth-ldap-dbcef31bebb2d54b6120422d0b178bbf78bc48f7.tar.gz 16998 SHA256 35c8f29581823be0f8bdbcf237d7fa5518c45eabe0ab9a695b131d32c8f1c264 SHA512 f47a9a6c5f93daa9260825261d2069bca5fc528221f94fc8ec98462f61774a36bce0238d931f8d0690544fd0144a83f942b6673c8376fe03f7834f8da9666671 WHIRLPOOL 26a2f67e715d13f785932f00e642c0864b5b7059d120f7fe7458017dbe02203f4873d1cfc4f0dd262834465438ad2b00ef4b49295e18a8e246abda6f7694ac70
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
@@ -17,8 +18,10 @@ DIST ngx_http_fancyindex-0.4.0.tar.gz 18419 SHA256 152cc2cf082c23cbc7b0fc76f14af
 DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
 DIST ngx_http_headers_more-0.30.tar.gz 27793 SHA256 2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5 SHA512 378f2c4b4fbf580e59c8ad3ef5fcb617e4669b7b506a0ae87e4e0bc920d34e16fe55565e48dd57e7b6c37ae8b407646ca64f5d84a2fbbe2d41d719c7643c1a82 WHIRLPOOL f50bb5c2e23fb63d98904163a873edf947f65e57dc0f73489024243c1d5b04e0677015a075d315585e535e226b8dad659bada563778b8ddf4d060e918fc37ace
 DIST ngx_http_headers_more-0.31.tar.gz 27941 SHA256 b2e8162cce2d24861b1ed5bbb30fc51d5215e3f4bb9d01f53fc344904d5911e7 SHA512 bc6b936dff9989af9eb97864e5e9499748ea8c73b2f49a24ad00d2a90bf77d1d743e6789f7bf3948a7baaaa44b0cc9f48a1c8a52bce9902a13c88e1f6673c6e1 WHIRLPOOL 79dd5ecb8eaabf6d81380888b687a962339c93d6bff14c88156782d5846d1121d33e0851ab27b44fb1b9f2035484093327fb92559e655dbdc6362faddb76b5e2
+DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
 DIST ngx_http_lua-0.10.5.tar.gz 579793 SHA256 4f0292c37ab3d7cb980c994825040be1bda2c769cbd800e79c43eb37458347d4 SHA512 a02b8614fdcd063b1087a3114f05402c707343ff3bceabaca1fb98531ba30edea1a525fc45e2f5a49ff155de8d6f9e1155e8870e463476da5703acfd5f8fc3fc WHIRLPOOL 9c72353bc58a98fd3bae68bd9b13228d202167422a429aa4b455f7e280cb617b5c083131e4f372708e602342b24b150437ed8ebae9647a397bae8a88a13b385c
 DIST ngx_http_lua-0.10.6.tar.gz 597217 SHA256 b98c4f648589bbf3e2c3d5fd18664e7a7ef89ac083e96c8e984fa919e7a7c073 SHA512 202aaf39381d151d5f456e5cd61c87b65fa20ece997f7e517a3eb3912af3a153747a674ac004dbcc474728567ff58436cfb408accd5e922d805b1d697c34774c WHIRLPOOL c4fd64114d74afbaba02c3e7bb1c5562281636624a581c6535f6aa310886f766b9cf0e63a8921599c617d411d5ec920e4b08b54588bfac7cf4c24e8ffc13d26b
+DIST ngx_http_lua-0.10.7.tar.gz 605171 SHA256 c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 SHA512 d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 WHIRLPOOL 7b64f75aae2ab74f51b3b2d07a59262a2c8ab2b863698b93b1184c003049641b45eded8fa5cc6301887c80d5fc34e9f22365da7765b3d5594ad838dacfceddd7
 DIST ngx_http_naxsi-0.54.tar.gz 163809 SHA256 9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5 SHA512 91934bfd41495715269cc6e549d17f6da66f2bdd0c9a6821fa9096b694dd3927109c4aad2f8b327620ae7c34f76a0839ac16669cd8c65081bc01fa7f829c1d43 WHIRLPOOL ef68cfecc9849086527c3590744d3c0d73cec830c6cf1ebca63566a7444438757a85d0c79fa552c4763e0416a615f4cf8d99622e2f36d3713b7072138a82f5a8
 DIST ngx_http_naxsi-0.55.1.tar.gz 185997 SHA256 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 SHA512 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 WHIRLPOOL 36830d10a35b724b7ea15e3884e96e2e4dd84f2b81fc1c7122d3e2e83a1942227321b1a7141d829423788bc52a3e199a95ca2637369e17f84ea16eb0cb2e5e37
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27

diff --git a/www-servers/nginx/files/http_memc-0.17-issue_26.patch b/www-servers/nginx/files/http_memc-0.17-issue_26.patch
new file mode 100644
index 00000000..aefb040
--- /dev/null
+++ b/www-servers/nginx/files/http_memc-0.17-issue_26.patch
@@ -0,0 +1,40 @@
+From 2fbc95b6ece36e01e6fea8c5691ef1611d948943 Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@gentoo.org>
+Date: Tue, 15 Nov 2016 18:56:30 +0100
+Subject: [PATCH] Upstream: don't consider default_port when matching
+ upstreams.
+
+Upstream changed API [Link 1] and removed ngx_http_upstream_srv_conf_t.default_port.
+
+Upstream's own changeset [Link 2] suggests that the check was not needed at
+all.
+
+Link 1: http://hg.nginx.org/nginx/rev/4dea01cf49e8
+Link 2: http://hg.nginx.org/nginx/rev/3fa5983b6b44
+Bug: https://github.com/openresty/memc-nginx-module/issues/26
+---
+ src/ngx_http_memc_util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/ngx_http_memc_util.c b/src/ngx_http_memc_util.c
+index 090bf43..20cb877 100644
+--- a/src/ngx_http_memc_util.c
++++ b/src/ngx_http_memc_util.c
+@@ -141,12 +141,14 @@ ngx_http_memc_upstream_add(ngx_http_request_t *r, ngx_url_t *url)
+             continue;
+         }
+ 
++#if defined(nginx_version) && nginx_version < 1011006
+         if (uscfp[i]->default_port && url->default_port
+             && uscfp[i]->default_port != url->default_port)
+         {
+             dd("upstream_add: default_port not match");
+             continue;
+         }
++#endif
+ 
+         return uscfp[i];
+     }
+-- 
+2.10.2
+

diff --git a/www-servers/nginx/nginx-1.11.6.ebuild b/www-servers/nginx/nginx-1.11.6.ebuild
new file mode 100644
index 00000000..fe14c2a
--- /dev/null
+++ b/www-servers/nginx/nginx-1.11.6.ebuild
@@ -0,0 +1,815 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.1"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.1"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.1.10"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.0.3"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.60"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.1"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="http://nginx.org"
+SRC_URI="http://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_lua; then
+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eapply "${FILESDIR}"/http_security-pr_1158.patch
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_memc; then
+		cd "${HTTP_MEMC_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 /var/log/nginx ${keepdir_list}
+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for
+	# existing installations
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS}; do
+		version_compare ${rv} 1.4.1-r2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"
+		ewarn "directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+		ewarn "Check if this is correct for your setup before restarting nginx!"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"
+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}
+	fi
+
+	# If the nginx user can't change into or read the dir, display a warning.
+	# If su is not available we display the warning nevertheless since we can't check properly
+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "Please make sure that the nginx user or group has at least"
+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
+		ewarn "Otherwise you end up with empty log files after a logrotate."
+	fi
+
+	# HTTPoxy mitigation
+	ewarn ""
+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"
+	ewarn "parameter to an empty string per default when you are sourcing the default"
+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."
+	ewarn ""
+	ewarn "If this is causing any problems for you make sure that you are sourcing the"
+	ewarn "default parameters _before_ you set your own values."
+	ewarn "If you are relying on user-supplied proxy values you have to remove the"
+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     85f4b8342e104aab605abf551c2b71ac87e0170e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 14 10:37:27 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 14 10:51:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85f4b834

www-servers/nginx: Rev bump mainline slot to update lua module nginx-1.11.11+ patch

Ebuild changes:
===============
 - HTTP LUA module bumped to v0.10.8
   Warning: While the module builds against nginx-1.11.11+ the author warns
            that >=nginx-1.11.11 is still not an officially supported target
            for that module. You are on your own!

- RTMP module bumped to v1.1.11

- HTTP memc module bumped to v0.18

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest                         |    3 +-
 .../nginx/files/http_lua_nginx-1.11.11+-r1.patch   |  214 +++++
 .../nginx/files/http_lua_nginx-1.11.11+.patch      |   46 -
 ...x-1.11.12-r1.ebuild => nginx-1.11.13-r1.ebuild} |   22 +-
 www-servers/nginx/nginx-1.11.13.ebuild             | 1011 --------------------
 5 files changed, 229 insertions(+), 1067 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e121a44fcc7..06b177149bf 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,7 +1,6 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
-DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
 DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
@@ -13,6 +12,7 @@ DIST ngx_http_echo-0.60.tar.gz 52771 SHA256 1077da2229ac7d0a0215e9e6817e297c1069
 DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
 DIST ngx_http_lua-0.10.7.tar.gz 605171 SHA256 c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 SHA512 d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 WHIRLPOOL 7b64f75aae2ab74f51b3b2d07a59262a2c8ab2b863698b93b1184c003049641b45eded8fa5cc6301887c80d5fc34e9f22365da7765b3d5594ad838dacfceddd7
+DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba
 DIST ngx_http_naxsi-0.55.1.tar.gz 185997 SHA256 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 SHA512 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 WHIRLPOOL 36830d10a35b724b7ea15e3884e96e2e4dd84f2b81fc1c7122d3e2e83a1942227321b1a7141d829423788bc52a3e199a95ca2637369e17f84ea16eb0cb2e5e37
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
@@ -20,6 +20,7 @@ DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
 DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0
 DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
+DIST ngx_memc_module-0.18.tar.gz 37113 SHA256 4e280d1dcb8b312bc7875604c1e35b17879279126d3d5fbf482aa9cc7c11276d SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706 WHIRLPOOL 9570bf7fb4e925d1794f3af0914efca036fe65696e7e380969133b89878e5f46f71cd5ffb7b5ea94085aced26d289abca77d7ef805f03ff614bc12a47d7aab3f
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.1.10.tar.gz 519877 SHA256 f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c SHA512 bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f WHIRLPOOL 655f4dcb02f928698ae14d29e5b7f60ad3fd71c757d67f1930c695a3501054d124a92f7ada7d4e605204f1e73e0779cad0b60102bc98d64764535581db0b1867

diff --git a/www-servers/nginx/files/http_lua_nginx-1.11.11+-r1.patch b/www-servers/nginx/files/http_lua_nginx-1.11.11+-r1.patch
new file mode 100644
index 00000000000..2a61c03b200
--- /dev/null
+++ b/www-servers/nginx/files/http_lua_nginx-1.11.11+-r1.patch
@@ -0,0 +1,214 @@
+From 0459a285ca0159d45e73da8bd1164edb5c57cde3 Mon Sep 17 00:00:00 2001
+From: Andrei Belov <defanator@gmail.com>
+Date: Wed, 22 Mar 2017 07:50:57 +0300
+Subject: [PATCH] feature: nginx 1.11.11+ can now build with this module.
+
+Note: nginx 1.11.11+ are still not an officially supported target yet.
+More work needed.
+
+Closes openresty/lua-nginx-module#1016
+
+See also:
+http://hg.nginx.org/nginx/rev/e662cbf1b932
+---
+ src/ngx_http_lua_common.h  |  6 ++++
+ src/ngx_http_lua_headers.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++
+ src/ngx_http_lua_headers.h |  3 ++
+ src/ngx_http_lua_module.c  | 13 ++++++++-
+ 4 files changed, 89 insertions(+), 1 deletion(-)
+
+diff --git a/src/ngx_http_lua_common.h b/src/ngx_http_lua_common.h
+index 079a4dc..f37d776 100644
+--- a/src/ngx_http_lua_common.h
++++ b/src/ngx_http_lua_common.h
+@@ -199,6 +199,12 @@ struct ngx_http_lua_main_conf_s {
+                                                 of reqeusts */
+     ngx_uint_t           malloc_trim_req_count;
+ 
++#if nginx_version >= 1011011
++    /* the following 2 fields are only used by ngx.req.raw_headers() for now */
++    ngx_buf_t          **busy_buf_ptrs;
++    ngx_int_t            busy_buf_ptr_count;
++#endif
++
+     unsigned             requires_header_filter:1;
+     unsigned             requires_body_filter:1;
+     unsigned             requires_capture_filter:1;
+diff --git a/src/ngx_http_lua_headers.c b/src/ngx_http_lua_headers.c
+index 2392598..6700ce8 100644
+--- a/src/ngx_http_lua_headers.c
++++ b/src/ngx_http_lua_headers.c
+@@ -26,6 +26,9 @@ static int ngx_http_lua_ngx_req_get_headers(lua_State *L);
+ static int ngx_http_lua_ngx_req_header_clear(lua_State *L);
+ static int ngx_http_lua_ngx_req_header_set(lua_State *L);
+ static int ngx_http_lua_ngx_resp_get_headers(lua_State *L);
++#if nginx_version >= 1011011
++void ngx_http_lua_ngx_raw_header_cleanup(void *data);
++#endif
+ 
+ 
+ static int
+@@ -77,6 +80,11 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
+     size_t                       size;
+     ngx_buf_t                   *b, *first = NULL;
+     ngx_int_t                    i, j;
++#if nginx_version >= 1011011
++    ngx_buf_t                  **bb;
++    ngx_chain_t                 *cl;
++    ngx_http_lua_main_conf_t    *lmcf;
++#endif
+     ngx_connection_t            *c;
+     ngx_http_request_t          *r, *mr;
+     ngx_http_connection_t       *hc;
+@@ -93,6 +101,10 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
+         return luaL_error(L, "no request object found");
+     }
+ 
++#if nginx_version >= 1011011
++    lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module);
++#endif
++
+     ngx_http_lua_check_fake_request(L, r);
+ 
+     mr = r->main;
+@@ -109,8 +121,13 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
+     dd("hc->nbusy: %d", (int) hc->nbusy);
+ 
+     if (hc->nbusy) {
++#if nginx_version >= 1011011
++        dd("hc->busy: %p %p %p %p", hc->busy->buf->start, hc->busy->buf->pos,
++           hc->busy->buf->last, hc->busy->buf->end);
++#else
+         dd("hc->busy: %p %p %p %p", hc->busy[0]->start, hc->busy[0]->pos,
+            hc->busy[0]->last, hc->busy[0]->end);
++#endif
+     }
+ 
+     dd("request line: %p %p", mr->request_line.data,
+@@ -146,9 +163,37 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
+     dd("size: %d", (int) size);
+ 
+     if (hc->nbusy) {
++#if nginx_version >= 1011011
++        if (hc->nbusy > lmcf->busy_buf_ptr_count) {
++            if (lmcf->busy_buf_ptrs) {
++                ngx_free(lmcf->busy_buf_ptrs);
++            }
++
++            lmcf->busy_buf_ptrs = ngx_alloc(hc->nbusy * sizeof(ngx_buf_t *),
++                                            r->connection->log);
++
++            if (lmcf->busy_buf_ptrs == NULL) {
++                return luaL_error(L, "no memory");
++            }
++
++            lmcf->busy_buf_ptr_count = hc->nbusy;
++        }
++
++        bb = lmcf->busy_buf_ptrs;
++        for (cl = hc->busy; cl; cl = cl->next) {
++            *bb++ = cl->buf;
++        }
++#endif
+         b = NULL;
++
++#if nginx_version >= 1011011
++        bb = lmcf->busy_buf_ptrs;
++        for (i = hc->nbusy; i > 0; i--) {
++            b = bb[i - 1];
++#else
+         for (i = 0; i < hc->nbusy; i++) {
+             b = hc->busy[i];
++#endif
+ 
+             dd("busy buf: %d: [%.*s]", (int) i, (int) (b->pos - b->start),
+                b->start);
+@@ -223,8 +268,15 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
+     }
+ 
+     if (hc->nbusy) {
++
++#if nginx_version >= 1011011
++        bb = lmcf->busy_buf_ptrs;
++        for (i = hc->nbusy - 1; i >= 0; i--) {
++            b = bb[i];
++#else
+         for (i = 0; i < hc->nbusy; i++) {
+             b = hc->busy[i];
++#endif
+ 
+             if (!found) {
+                 if (b != first) {
+@@ -1431,4 +1483,20 @@ ngx_http_lua_ffi_get_resp_header(ngx_http_request_t *r,
+ #endif /* NGX_LUA_NO_FFI_API */
+ 
+ 
++#if nginx_version >= 1011011
++void
++ngx_http_lua_ngx_raw_header_cleanup(void *data)
++{
++    ngx_http_lua_main_conf_t  *lmcf;
++
++    lmcf = (ngx_http_lua_main_conf_t *) data;
++
++    if (lmcf->busy_buf_ptrs) {
++        ngx_free(lmcf->busy_buf_ptrs);
++        lmcf->busy_buf_ptrs = NULL;
++    }
++}
++#endif
++
++
+ /* vi:set ft=c ts=4 sw=4 et fdm=marker: */
+diff --git a/src/ngx_http_lua_headers.h b/src/ngx_http_lua_headers.h
+index 39f1114..ee4d21c 100644
+--- a/src/ngx_http_lua_headers.h
++++ b/src/ngx_http_lua_headers.h
+@@ -15,6 +15,9 @@
+ void ngx_http_lua_inject_resp_header_api(lua_State *L);
+ void ngx_http_lua_inject_req_header_api(lua_State *L);
+ void ngx_http_lua_create_headers_metatable(ngx_log_t *log, lua_State *L);
++#if nginx_version >= 1011011
++void ngx_http_lua_ngx_raw_header_cleanup(void *data);
++#endif
+ 
+ 
+ #endif /* _NGX_HTTP_LUA_HEADERS_H_INCLUDED_ */
+diff --git a/src/ngx_http_lua_module.c b/src/ngx_http_lua_module.c
+index 3dc2817..875f933 100644
+--- a/src/ngx_http_lua_module.c
++++ b/src/ngx_http_lua_module.c
+@@ -28,6 +28,7 @@
+ #include "ngx_http_lua_ssl_certby.h"
+ #include "ngx_http_lua_ssl_session_storeby.h"
+ #include "ngx_http_lua_ssl_session_fetchby.h"
++#include "ngx_http_lua_headers.h"
+ 
+ 
+ static void *ngx_http_lua_create_main_conf(ngx_conf_t *cf);
+@@ -624,7 +625,7 @@ ngx_http_lua_init(ngx_conf_t *cf)
+     volatile ngx_cycle_t       *saved_cycle;
+     ngx_http_core_main_conf_t  *cmcf;
+     ngx_http_lua_main_conf_t   *lmcf;
+-#ifndef NGX_LUA_NO_FFI_API
++#if !defined(NGX_LUA_NO_FFI_API) || nginx_version >= 1011011
+     ngx_pool_cleanup_t         *cln;
+ #endif
+ 
+@@ -716,6 +717,16 @@ ngx_http_lua_init(ngx_conf_t *cf)
+     cln->handler = ngx_http_lua_sema_mm_cleanup;
+ #endif
+ 
++#if nginx_version >= 1011011
++    cln = ngx_pool_cleanup_add(cf->pool, 0);
++    if (cln == NULL) {
++        return NGX_ERROR;
++    }
++
++    cln->data = lmcf;
++    cln->handler = ngx_http_lua_ngx_raw_header_cleanup;
++#endif
++
+     if (lmcf->lua == NULL) {
+         dd("initializing lua vm");
+ 

diff --git a/www-servers/nginx/files/http_lua_nginx-1.11.11+.patch b/www-servers/nginx/files/http_lua_nginx-1.11.11+.patch
deleted file mode 100644
index 2c9cc8ea382..00000000000
--- a/www-servers/nginx/files/http_lua_nginx-1.11.11+.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream: https://github.com/openresty/lua-nginx-module/pull/1017
-
---- a/src/ngx_http_lua_headers.c
-+++ b/src/ngx_http_lua_headers.c
-@@ -77,6 +77,9 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
-     size_t                       size;
-     ngx_buf_t                   *b, *first = NULL;
-     ngx_int_t                    i, j;
-+#if defined(nginx_version) && nginx_version >= 1011011
-+    ngx_chain_t                 *cl;
-+#endif
-     ngx_connection_t            *c;
-     ngx_http_request_t          *r, *mr;
-     ngx_http_connection_t       *hc;
-@@ -147,8 +150,15 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
- 
-     if (hc->nbusy) {
-         b = NULL;
-+
-+#if defined(nginx_version) && nginx_version >= 1011011
-+        for (cl = hc->busy; cl; /* void */) {
-+            b = cl->buf;
-+            cl = cl->next;
-+#else
-         for (i = 0; i < hc->nbusy; i++) {
-             b = hc->busy[i];
-+#endif
- 
-             dd("busy buf: %d: [%.*s]", (int) i, (int) (b->pos - b->start),
-                b->start);
-@@ -223,8 +233,15 @@ ngx_http_lua_ngx_req_raw_header(lua_State *L)
-     }
- 
-     if (hc->nbusy) {
-+
-+#if defined(nginx_version) && nginx_version >= 1011011
-+        for (cl = hc->busy; cl; /* void */) {
-+            b = cl->buf;
-+            cl = cl->next;
-+#else
-         for (i = 0; i < hc->nbusy; i++) {
-             b = hc->busy[i];
-+#endif
- 
-             if (!found) {
-                 if (b != first) {

diff --git a/www-servers/nginx/nginx-1.11.12-r1.ebuild b/www-servers/nginx/nginx-1.11.13-r1.ebuild
similarity index 98%
rename from www-servers/nginx/nginx-1.11.12-r1.ebuild
rename to www-servers/nginx/nginx-1.11.13-r1.ebuild
index 7870abf9766..cb4c774f1aa 100644
--- a/www-servers/nginx/nginx-1.11.12-r1.ebuild
+++ b/www-servers/nginx/nginx-1.11.13-r1.ebuild
@@ -53,7 +53,7 @@ HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v
 HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
 
 # http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
+HTTP_LUA_MODULE_PV="0.10.8"
 HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
 HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
 HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
@@ -126,7 +126,7 @@ HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/ar
 HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
 
 # memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
+HTTP_MEMC_MODULE_PV="0.18"
 HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
 HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
 HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
@@ -350,7 +350,7 @@ src_prepare() {
 
 	if use nginx_modules_http_lua; then
 		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+.patch
+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
 		cd "${S}" || die
 		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
 	fi
@@ -378,12 +378,6 @@ src_prepare() {
 		cd "${S}" || die
 	fi
 
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
 	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
 	# We have config protection, don't rename etc files
 	sed -i 's:.default::' auto/install || die
@@ -779,11 +773,21 @@ pkg_postinst() {
 	fi
 
 	if use nginx_modules_http_spdy; then
+		ewarn ""
 		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
 		ewarn "Update your configs and package.use accordingly."
 	fi
 
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
 	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
 		ewarn "Lua 3rd party module author warns against using ${P} with"
 		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
 	fi

diff --git a/www-servers/nginx/nginx-1.11.13.ebuild b/www-servers/nginx/nginx-1.11.13.ebuild
deleted file mode 100644
index 7870abf9766..00000000000
--- a/www-servers/nginx/nginx-1.11.13.ebuild
+++ /dev/null
@@ -1,1011 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.11"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     a10dc685fb4d5ab1d8f0ed6a5e6a0ec536552ace
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 12 10:34:32 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul 12 10:34:32 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a10dc685

www-servers/nginx: Security cleanup (bug #624552)

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-servers/nginx/Manifest                         |   12 -
 .../nginx/files/http_memc-0.17-issue_26.patch      |   40 -
 www-servers/nginx/nginx-1.10.3.ebuild              |  988 -------------------
 www-servers/nginx/nginx-1.11.10.ebuild             | 1001 -------------------
 www-servers/nginx/nginx-1.11.13-r1.ebuild          | 1015 --------------------
 www-servers/nginx/nginx-1.12.0.ebuild              | 1015 --------------------
 www-servers/nginx/nginx-1.13.0.ebuild              | 1015 --------------------
 www-servers/nginx/nginx-1.13.1.ebuild              | 1015 --------------------
 www-servers/nginx/nginx-1.13.2.ebuild              | 1015 --------------------
 9 files changed, 7116 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index b4746ce02a1..6946a8a8ede 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,12 +1,5 @@
 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
-DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
-DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
-DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a
-DIST nginx-1.12.0.tar.gz 980831 SHA256 b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 SHA512 e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee WHIRLPOOL 0f4819cccd965837f1dcc5217de6c98cfd2d83e406fedb4840096d8ccacaac77767ae02551f2f927f2dc4a9413944206d8a26cf8eff8e425a53ba0ce425c5657
 DIST nginx-1.12.1.tar.gz 981093 SHA256 8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb SHA512 3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6 WHIRLPOOL 17e91044636839f0c8c476879227f2de1633679199787157e5ed47c306dcb9597646c5be96957d51e38d96ddbb0346ec9f72b87c37023e19e572fa404ef0fd1f
-DIST nginx-1.13.0.tar.gz 982592 SHA256 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 SHA512 54745876db546cc4d42ef048159bf6f9584278989f03e7e3451597eacbaad7713f9bf9bf93fc540a1be13380281d499f4aa4f27dcdfd3e860bc1203c9cde314b WHIRLPOOL 535f646b1da1193d1d40ae6e2fda12ab6480f863d98f7e35cccc8f561e96acb28255a1f44996ac3865236a664622e8dba2afd1d6219806d1c0765ee1a53e5df9
-DIST nginx-1.13.1.tar.gz 984142 SHA256 a5856c72a6609a4dc68c88a7f3c33b79e6693343b62952e021e043fe347b6776 SHA512 09ed3aa700965061d70edef732fccb2e32b9ace9eedbd86c8ad8d152748caf2d779ba2b06c3108ca0ad32f16e1a2e3551dbd1dc123c7dc1b64d672357dbd97ea WHIRLPOOL a5684393746e44777a1b8aa69de607c9cc6ebf227fac122a70b12888931939d992ffbc2bbfa44f063b69e1e8c06cdb15289c2d9ac0a1301f57aca1b1d3686e87
-DIST nginx-1.13.2.tar.gz 985802 SHA256 d77f234d14989d273a363f570e1d892395c006fef2ec04789be90f41a1919b70 SHA512 b07a0a6e8201979dbcec5ecdec9dd1210f35d5e861ff149b3a59f7d1d36f15ec195ef41c6d82a3bf618e9f044dbae06bb45d7f0369574cde97bd74b750dea905 WHIRLPOOL 46de82a5554a78249079a200720ec6184ff2e52a5609c12e365bdbc7f052486c3991eee3fac8bab71d75068e132a2eb112b4a99211a6365d991273a44e5d8ec2
 DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82487e4873b39f9b0dcbb0d72 SHA512 4a8924b1edd0b8476437680ea548a0bc983d360e73f2d5797f60cebc3ef7d6fb64e56b6aaf5a4fc1707d24519dc70d466a7bf1d336c463651928d65c2f7b5380 WHIRLPOOL 9cb1f77a60945d9c1df6e2589116406f31939882131759d3aa95b25edfe86bc5fe712a517a3b0f77a5fca2b3706884984b90e293a4e791faa824bbf0e964518e
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
@@ -17,18 +10,13 @@ DIST ngx_http_dav_ext-0.0.3.tar.gz 6260 SHA256 d428a0236c933779cb40ac8c91afb19d5
 DIST ngx_http_echo-0.60.tar.gz 52771 SHA256 1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e SHA512 c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c WHIRLPOOL 8938ac18aae74a5c4806ff3611c243c9bee108ef93fef7b0da284040c2ec2d9a57cb3cad9e3719cb795bbb063176d7afe81b7288ebacf5096d26b16e5ef34da6
 DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
-DIST ngx_http_lua-0.10.7.tar.gz 605171 SHA256 c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 SHA512 d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 WHIRLPOOL 7b64f75aae2ab74f51b3b2d07a59262a2c8ab2b863698b93b1184c003049641b45eded8fa5cc6301887c80d5fc34e9f22365da7765b3d5594ad838dacfceddd7
 DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba
-DIST ngx_http_naxsi-0.55.1.tar.gz 185997 SHA256 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 SHA512 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 WHIRLPOOL 36830d10a35b724b7ea15e3884e96e2e4dd84f2b81fc1c7122d3e2e83a1942227321b1a7141d829423788bc52a3e199a95ca2637369e17f84ea16eb0cb2e5e37
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
 DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0
-DIST ngx_memc_module-0.17.tar.gz 36369 SHA256 25cbe3ff4931283a681260607bc91ae4a922075345d5770b293c6cd7f1e3bdcc SHA512 e6fdecb4bb629f0882868b78f4b3a2549fce4471efcc4f2c6fdc414435799be6ce41cf056a3170952f8a1f401ee1ca372c97f2d7f79fba79239599755ade8949 WHIRLPOOL 766d84e7a2dfb2a6f069fd846e19d635f4dbd36f78014e97bbd159312d0b38d671b4db989584ca2b5b449046483b5b90d09edbe1c4531b266d8592ad7bad3c3a
 DIST ngx_memc_module-0.18.tar.gz 37113 SHA256 4e280d1dcb8b312bc7875604c1e35b17879279126d3d5fbf482aa9cc7c11276d SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706 WHIRLPOOL 9570bf7fb4e925d1794f3af0914efca036fe65696e7e380969133b89878e5f46f71cd5ffb7b5ea94085aced26d289abca77d7ef805f03ff614bc12a47d7aab3f
 DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f195520cf12471c262ac19b154e SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e WHIRLPOOL 2796f5a97e76dfcc91133240e8e90ba493f0356f781a173d8cacdd09eba64b75ef531db398c0566fda395124700de8c991b771433e376ca0d5898c2ea6f82868
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
-DIST ngx_rtmp-1.1.10.tar.gz 519877 SHA256 f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c SHA512 bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f WHIRLPOOL 655f4dcb02f928698ae14d29e5b7f60ad3fd71c757d67f1930c695a3501054d124a92f7ada7d4e605204f1e73e0779cad0b60102bc98d64764535581db0b1867
-DIST ngx_rtmp-1.1.11.tar.gz 519988 SHA256 71e8a0b42a41d1cb5ab1b9a8793f0e479e31fa9b59c4c6f5665df41cebf09e2b SHA512 e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 WHIRLPOOL a9799368dbfdc18d396b8b3abfe5582783c912fec1f3b0d8ce9444e1e0549c63eec9586a18adda1a323a86a4af09ae43051335545cd27e1b5dcb15bb25e1dac9
 DIST ngx_rtmp-1.2.0.tar.gz 519895 SHA256 a8026f5ade30b178a06f12c46dff053cfe12256016ad465a46646183086b16b0 SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8 WHIRLPOOL ea18f30cac7310a9b9be92178266afab5403f9e2e52cf89142c3c8bd20c05b12390ae90bdb50ceabef7ba869ef95502fee2f046716daea95de10527acba826c8

diff --git a/www-servers/nginx/files/http_memc-0.17-issue_26.patch b/www-servers/nginx/files/http_memc-0.17-issue_26.patch
deleted file mode 100644
index aefb0402014..00000000000
--- a/www-servers/nginx/files/http_memc-0.17-issue_26.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 2fbc95b6ece36e01e6fea8c5691ef1611d948943 Mon Sep 17 00:00:00 2001
-From: Thomas Deutschmann <whissi@gentoo.org>
-Date: Tue, 15 Nov 2016 18:56:30 +0100
-Subject: [PATCH] Upstream: don't consider default_port when matching
- upstreams.
-
-Upstream changed API [Link 1] and removed ngx_http_upstream_srv_conf_t.default_port.
-
-Upstream's own changeset [Link 2] suggests that the check was not needed at
-all.
-
-Link 1: http://hg.nginx.org/nginx/rev/4dea01cf49e8
-Link 2: http://hg.nginx.org/nginx/rev/3fa5983b6b44
-Bug: https://github.com/openresty/memc-nginx-module/issues/26
----
- src/ngx_http_memc_util.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/ngx_http_memc_util.c b/src/ngx_http_memc_util.c
-index 090bf43..20cb877 100644
---- a/src/ngx_http_memc_util.c
-+++ b/src/ngx_http_memc_util.c
-@@ -141,12 +141,14 @@ ngx_http_memc_upstream_add(ngx_http_request_t *r, ngx_url_t *url)
-             continue;
-         }
- 
-+#if defined(nginx_version) && nginx_version < 1011006
-         if (uscfp[i]->default_port && url->default_port
-             && uscfp[i]->default_port != url->default_port)
-         {
-             dd("upstream_add: default_port not match");
-             continue;
-         }
-+#endif
- 
-         return uscfp[i];
-     }
--- 
-2.10.2
-

diff --git a/www-servers/nginx/nginx-1.10.3.ebuild b/www-servers/nginx/nginx-1.10.3.ebuild
deleted file mode 100644
index cf55f356592..00000000000
--- a/www-servers/nginx/nginx-1.10.3.ebuild
+++ /dev/null
@@ -1,988 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.1"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM="access limit_conn upstream"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use ipv6      && myconf+=( --with-ipv6 )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			# Treat stream upstream slightly differently
-			if ! use nginx_modules_stream_upstream; then
-				myconf+=( --without-stream_upstream_hash_module )
-				myconf+=( --without-stream_upstream_least_conn_module )
-				myconf+=( --without-stream_upstream_zone_module )
-			else
-				myconf+=( --without-stream_${mod}_module )
-			fi
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.11.10.ebuild b/www-servers/nginx/nginx-1.11.10.ebuild
deleted file mode 100644
index ff20ef4f203..00000000000
--- a/www-servers/nginx/nginx-1.11.10.ebuild
+++ /dev/null
@@ -1,1001 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.7"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.10"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.17"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_memc; then
-		cd "${HTTP_MEMC_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.11.13-r1.ebuild b/www-servers/nginx/nginx-1.11.13-r1.ebuild
deleted file mode 100644
index cb4c774f1aa..00000000000
--- a/www-servers/nginx/nginx-1.11.13-r1.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.11"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.12.0.ebuild b/www-servers/nginx/nginx-1.12.0.ebuild
deleted file mode 100644
index a28bc1a098f..00000000000
--- a/www-servers/nginx/nginx-1.12.0.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.11"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.0.ebuild b/www-servers/nginx/nginx-1.13.0.ebuild
deleted file mode 100644
index cb4c774f1aa..00000000000
--- a/www-servers/nginx/nginx-1.13.0.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.11"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.1.ebuild b/www-servers/nginx/nginx-1.13.1.ebuild
deleted file mode 100644
index cb4c774f1aa..00000000000
--- a/www-servers/nginx/nginx-1.13.1.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.11"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.13.2.ebuild b/www-servers/nginx/nginx-1.13.2.ebuild
deleted file mode 100644
index cb4c774f1aa..00000000000
--- a/www-servers/nginx/nginx-1.13.2.ebuild
+++ /dev/null
@@ -1,1015 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.32"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.1"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.8"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.1.11"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.0.3"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.60"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.1"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
-	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
-	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_upload_progress
-	http_headers_more
-	http_cache_purge
-	http_slowfs_cache
-	http_fancyindex
-	http_lua
-	http_auth_pam
-	http_upstream_check
-	http_metrics
-	http_naxsi
-	http_dav_ext
-	http_echo
-	http_security
-	http_push_stream
-	http_sticky
-	http_mogilefs
-	http_memc
-	http_auth_ldap"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_echo; then
-		cd "${HTTP_ECHO_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_lua; then
-		cd "${HTTP_LUA_MODULE_WD}" || die
-		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+-r1.patch
-		cd "${S}" || die
-		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eapply "${FILESDIR}"/http_security-pr_1158.patch
-		eapply "${FILESDIR}"/http_security-pr_1373.patch
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     da7d02ca95226161605c105a07d3d341fcb6477e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 18 16:04:41 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 16:05:12 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da7d02ca

www-servers/nginx: Fix building of nginScript with -O3

Closes: https://bugs.gentoo.org/647958
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../nginx/files/njs-0.1.15-fix-o3-building.patch   | 24 ++++++++++++++++++++++
 www-servers/nginx/nginx-1.13.8-r1.ebuild           | 10 +++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/www-servers/nginx/files/njs-0.1.15-fix-o3-building.patch b/www-servers/nginx/files/njs-0.1.15-fix-o3-building.patch
new file mode 100644
index 00000000000..55b71368bc3
--- /dev/null
+++ b/www-servers/nginx/files/njs-0.1.15-fix-o3-building.patch
@@ -0,0 +1,24 @@
+Origin: https://hg.nginx.org/njs/rev/22cc52416e84
+
+Bug: https://bugs.gentoo.org/647958
+
+--- a/njs/njs_fs.c
++++ b/njs/njs_fs.c
+@@ -566,6 +566,8 @@
+     }
+ 
+     mode = NULL;
++    /* GCC complains about uninitialized flag.length. */
++    flag.length = 0;
+     flag.start = NULL;
+     encoding.length = 0;
+     encoding.start = NULL;
+@@ -753,6 +755,8 @@
+     }
+ 
+     mode = NULL;
++    /* GCC complains about uninitialized flag.length. */
++    flag.length = 0;
+     flag.start = NULL;
+     encoding.length = 0;
+     encoding.start = NULL;

diff --git a/www-servers/nginx/nginx-1.13.8-r1.ebuild b/www-servers/nginx/nginx-1.13.8-r1.ebuild
index 252999d3fe6..82920e6b89d 100644
--- a/www-servers/nginx/nginx-1.13.8-r1.ebuild
+++ b/www-servers/nginx/nginx-1.13.8-r1.ebuild
@@ -153,7 +153,7 @@ HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
 NJS_MODULE_PV="0.1.15"
 NJS_MODULE_P="njs-${NJS_MODULE_PV}"
 NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}/nginx"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
 
 # We handle deps below ourselves
 SSL_DEPS_SKIP=1
@@ -373,6 +373,12 @@ src_prepare() {
 		cd "${S}" || die
 	fi
 
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		cd "${NJS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/njs-0.1.15-fix-o3-building.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_upstream_check; then
 		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
 		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
@@ -576,7 +582,7 @@ src_configure() {
 	fi
 
 	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module=${NJS_MODULE_WD} )
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
 	fi
 
 	if use nginx_modules_http_brotli; then

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     9484e13a40320a485a8c5b07fb082e504f61693e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  5 16:22:24 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun  5 16:25:34 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9484e13a

www-servers/nginx: bump to v1.15.0 mainline

- HTTP LUA module bumped to v0.10.13

- HTTP VHost Traffic Status module bumped to v0.1.16

- HTTP memc module bumped to v0.19

- nginScript module bumped to v0.2.1

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/Manifest                         |    5 +
 ...1.15-allow-compilation-without-HTTP-cache.patch |   42 +
 www-servers/nginx/nginx-1.15.0.ebuild              | 1070 ++++++++++++++++++++
 3 files changed, 1117 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index e833d035860..b33c5cdfda7 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
 DIST nginx-1.13.12.tar.gz 1016311 BLAKE2B 8b56e1e13c2598181153b9fe5f5a9ac6349ba1d6c98cfca708cb7ae1d3b6eec92df0132091107bc20c0ae1bec15020957c820f9414890151b4b1830f00af2d40 SHA512 c61668d4999d43ccd5ed8e99bd2f6992190503bb3c4103a22871e346feb8cbd049b04416ca7eb982c122a9a29bb21c6bb9f934411dd80bc02d946105f7917873
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
+DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
@@ -16,6 +17,7 @@ DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b0408
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
 DIST ngx_http_lua-0.10.11.tar.gz 616653 BLAKE2B 6985823752755b78b626f597600adf45592ce4c8dc3a513dd43b9f5152c9746a795faa3714124d74814ad88739dd8889de50e764ad2ea808c48570d1e297aeec SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511
+DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
@@ -24,9 +26,12 @@ DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a00833
 DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
 DIST ngx_http_vhost_traffic_status-0.1.15-gentoo.tar.gz 371234 BLAKE2B 6c164d8c5ee4f3a6729989d9ab2ba874dd5dc285f5c52baf50b05880f184d1ef779f320efa36db8228ab15a8885e972664aee2b1d367279edbf840e41a4c8108 SHA512 63bb0d576fb896526e13fd624eb61b0562756d9aef9124be3d4e845312885838b96d93a4233b15e1b0449714c9689ef1e88b680f23f5d9c909b31026d8c13d08
+DIST ngx_http_vhost_traffic_status-0.1.16.tar.gz 371717 BLAKE2B 0f29f721ca38788343de52c7462efcfe846161ed8dc8433979a1189ad2d11f6917c552a58113de1306ad657d8cb62a22d0a94c053801c2e4becdbcd2f16f1552 SHA512 a85f17bff4e47d6e4e45b9493d759d493a3b4564c76ce7c526ff9afe99d4bd7191cecf17c3bad2bd19cdf5dfa4c4eba21baff8bdbf08550485ee4956963f9e73
 DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
+DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.2.0.tar.gz 251246 BLAKE2B 76c0be4a98d5782df8d9ecb4b5a6a463a77fd59078f5d25a3763ea5e8633906966fc0a34c98dd9dca2dcc1f54994b0f47d8e80a5903faabbe43865930c2bc267 SHA512 8b1975594f47e49f6d245a99e64e59a3eebf916b9e7e8626e5b1487275688e3dd84691e99ed2207698724dc82d75c54176eb88b9104e847d1cd7db7ead89a391
+DIST njs-0.2.1.tar.gz 252791 BLAKE2B a8507c016cef8481c456e675bd4972a018a049933e5ba2d03027f0c871c264d6848d25a9a715fa4e7920b63bfe86470b4f835790296dba6227aad16b80e5a849 SHA512 b924be63b3d8a996dfd5dd120a3103619c52a9193ca442a21f85f2d5e0a30690fa67401125e775cdf2127f659a61e34b8defe63f7fd33e318cca2a7f99c44154

diff --git a/www-servers/nginx/files/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch b/www-servers/nginx/files/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
new file mode 100644
index 00000000000..e3ac786a62e
--- /dev/null
+++ b/www-servers/nginx/files/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
@@ -0,0 +1,42 @@
+From 75118e8998d876b5cd0f285a1fa184c3b6ba7fd6 Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@whissi.de>
+Date: Fri, 16 Feb 2018 20:59:07 +0100
+Subject: [PATCH] Fix compilation without HTTP cache.
+
+---
+ src/ngx_http_vhost_traffic_status_control.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/ngx_http_vhost_traffic_status_control.c b/src/ngx_http_vhost_traffic_status_control.c
+index ade1475..ee5fd3c 100644
+--- a/src/ngx_http_vhost_traffic_status_control.c
++++ b/src/ngx_http_vhost_traffic_status_control.c
+@@ -196,6 +196,7 @@ ngx_http_vhost_traffic_status_node_status_group(
+                             control->r, *control->buf);
+         break;
+ 
++#if (NGX_HTTP_CACHE)
+     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_CC:
+         *control->buf = ngx_sprintf(*control->buf,
+                                     NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_CACHE_S);
+@@ -203,6 +204,7 @@ ngx_http_vhost_traffic_status_node_status_group(
+         *control->buf = ngx_http_vhost_traffic_status_display_set_cache(
+                             control->r, *control->buf, node);
+         break;
++#endif
+ 
+     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_FG:
+         *control->buf = ngx_sprintf(*control->buf,
+@@ -317,10 +319,12 @@ ngx_http_vhost_traffic_status_node_status_zone(
+         }
+         break;
+ 
++#if (NGX_HTTP_CACHE)
+     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_CC:
+         *control->buf = ngx_http_vhost_traffic_status_display_set_cache_node(control->r,
+                             *control->buf, vtsn);
+         break;
++#endif
+ 
+     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_FG:
+         (void) ngx_http_vhost_traffic_status_node_position_key(&dst, 2);

diff --git a/www-servers/nginx/nginx-1.15.0.ebuild b/www-servers/nginx/nginx-1.15.0.ebuild
new file mode 100644
index 00000000000..7d5c01213da
--- /dev/null
+++ b/www-servers/nginx/nginx-1.15.0.ebuild
@@ -0,0 +1,1070 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.13"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.16"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.2.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		cd "${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     27da4cba0ea86c7d562152c0df33c7315e8c8d06
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 22 10:36:32 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 10:36:51 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27da4cba

www-servers/nginx: security cleanup

Bug: https://bugs.gentoo.org/658736
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 www-servers/nginx/Manifest                         |    5 -
 ...1.15-allow-compilation-without-HTTP-cache.patch |   42 -
 www-servers/nginx/nginx-1.13.12-r1.ebuild          | 1064 --------------------
 3 files changed, 1111 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 6b64157a4ab..613d35ccc7a 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,13 +1,11 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
-DIST nginx-1.13.12.tar.gz 1016311 BLAKE2B 8b56e1e13c2598181153b9fe5f5a9ac6349ba1d6c98cfca708cb7ae1d3b6eec92df0132091107bc20c0ae1bec15020957c820f9414890151b4b1830f00af2d40 SHA512 c61668d4999d43ccd5ed8e99bd2f6992190503bb3c4103a22871e346feb8cbd049b04416ca7eb982c122a9a29bb21c6bb9f934411dd80bc02d946105f7917873
 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
 DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
-DIST ngx_brotli-37ab9b2933a0b756ba3447000b7f31d432ed8228.tar.gz 12692 BLAKE2B 8b969fcd7daf37d790e81ff6dd4d43a210c9097052cc7a2db9f2aa8ad3115ffe175b0839210c234610e5731be35327eb08eb0eb3f28783d272b172df07259651 SHA512 fb12e4b50b9a472ee2f4fe08ffd86c38072a4c254a4f99627d6f2411f915c139f6e7cfe41f29222bc70b57942cde85d8ef2cd5458638201c751cd4c818d65f10
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
@@ -18,7 +16,6 @@ DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d
 DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
 DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
-DIST ngx_http_lua-0.10.11.tar.gz 616653 BLAKE2B 6985823752755b78b626f597600adf45592ce4c8dc3a513dd43b9f5152c9746a795faa3714124d74814ad88739dd8889de50e764ad2ea808c48570d1e297aeec SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511
 DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
@@ -27,7 +24,6 @@ DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
 DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
-DIST ngx_http_vhost_traffic_status-0.1.15-gentoo.tar.gz 371234 BLAKE2B 6c164d8c5ee4f3a6729989d9ab2ba874dd5dc285f5c52baf50b05880f184d1ef779f320efa36db8228ab15a8885e972664aee2b1d367279edbf840e41a4c8108 SHA512 63bb0d576fb896526e13fd624eb61b0562756d9aef9124be3d4e845312885838b96d93a4233b15e1b0449714c9689ef1e88b680f23f5d9c909b31026d8c13d08
 DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
 DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
@@ -35,5 +31,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.0.tar.gz 519895 BLAKE2B a5a888473dd2ba2320ff74017e8445d96fa3e361acc559edb270ad075c937ab5630e537a67ad8ed134a7ec5809ae63e38791ac25ceab3e26160469be8cc2e82c SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.2.0.tar.gz 251246 BLAKE2B 76c0be4a98d5782df8d9ecb4b5a6a463a77fd59078f5d25a3763ea5e8633906966fc0a34c98dd9dca2dcc1f54994b0f47d8e80a5903faabbe43865930c2bc267 SHA512 8b1975594f47e49f6d245a99e64e59a3eebf916b9e7e8626e5b1487275688e3dd84691e99ed2207698724dc82d75c54176eb88b9104e847d1cd7db7ead89a391
 DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792

diff --git a/www-servers/nginx/files/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch b/www-servers/nginx/files/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
deleted file mode 100644
index e3ac786a62e..00000000000
--- a/www-servers/nginx/files/http_vhost_traffic_status-0.1.15-allow-compilation-without-HTTP-cache.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 75118e8998d876b5cd0f285a1fa184c3b6ba7fd6 Mon Sep 17 00:00:00 2001
-From: Thomas Deutschmann <whissi@whissi.de>
-Date: Fri, 16 Feb 2018 20:59:07 +0100
-Subject: [PATCH] Fix compilation without HTTP cache.
-
----
- src/ngx_http_vhost_traffic_status_control.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/ngx_http_vhost_traffic_status_control.c b/src/ngx_http_vhost_traffic_status_control.c
-index ade1475..ee5fd3c 100644
---- a/src/ngx_http_vhost_traffic_status_control.c
-+++ b/src/ngx_http_vhost_traffic_status_control.c
-@@ -196,6 +196,7 @@ ngx_http_vhost_traffic_status_node_status_group(
-                             control->r, *control->buf);
-         break;
- 
-+#if (NGX_HTTP_CACHE)
-     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_CC:
-         *control->buf = ngx_sprintf(*control->buf,
-                                     NGX_HTTP_VHOST_TRAFFIC_STATUS_JSON_FMT_CACHE_S);
-@@ -203,6 +204,7 @@ ngx_http_vhost_traffic_status_node_status_group(
-         *control->buf = ngx_http_vhost_traffic_status_display_set_cache(
-                             control->r, *control->buf, node);
-         break;
-+#endif
- 
-     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_FG:
-         *control->buf = ngx_sprintf(*control->buf,
-@@ -317,10 +319,12 @@ ngx_http_vhost_traffic_status_node_status_zone(
-         }
-         break;
- 
-+#if (NGX_HTTP_CACHE)
-     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_CC:
-         *control->buf = ngx_http_vhost_traffic_status_display_set_cache_node(control->r,
-                             *control->buf, vtsn);
-         break;
-+#endif
- 
-     case NGX_HTTP_VHOST_TRAFFIC_STATUS_UPSTREAM_FG:
-         (void) ngx_http_vhost_traffic_status_node_position_key(&dst, 2);

diff --git a/www-servers/nginx/nginx-1.13.12-r1.ebuild b/www-servers/nginx/nginx-1.13.12-r1.ebuild
deleted file mode 100644
index e38965dd7ec..00000000000
--- a/www-servers/nginx/nginx-1.13.12-r1.ebuild
+++ /dev/null
@@ -1,1064 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="37ab9b2933a0b756ba3447000b7f31d432ed8228"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.2"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.11"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.15-gentoo"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/Whissi/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.55.3"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.18"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.0"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     9778611494644dfe5d165c78c7f83c6026b73696
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 11 22:43:08 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Nov 11 22:43:27 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97786114

www-servers/nginx: security cleanup (bug #670496)

Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-servers/nginx/Manifest                         |   10 -
 .../nginx/files/http_brotli-detect-brotli-r1.patch |  116 ---
 www-servers/nginx/nginx-1.14.0-r3.ebuild           | 1081 --------------------
 www-servers/nginx/nginx-1.15.1-r1.ebuild           | 1081 --------------------
 www-servers/nginx/nginx-1.15.2-r1.ebuild           | 1081 --------------------
 www-servers/nginx/nginx-1.15.2.ebuild              | 1081 --------------------
 www-servers/nginx/nginx-1.15.3.ebuild              | 1081 --------------------
 www-servers/nginx/nginx-1.15.5.ebuild              | 1081 --------------------
 8 files changed, 6612 deletions(-)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 18698b286ab..28370aeb02d 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,14 +1,8 @@
 DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
-DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
 DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
-DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
-DIST nginx-1.15.2.tar.gz 1025746 BLAKE2B 96b1b1d660571e35b7f97c71da241fa88b44d3928868019b4fffdfa68cd40bb8bd31bba9429cc9e4ca2c2f8d7abf03129577003f4cca50e6d0325644eb47aad4 SHA512 ef8171138246b851f3713ea027d6b96de414b15e24de244fa4fcb428da3a68f4df0c54152e5c0993e36c9c97d4dabcd55a019d6709840b4393c86995604668ff
-DIST nginx-1.15.3.tar.gz 1022881 BLAKE2B 5a33a36a2a0dfa9b276c1fe9aeb148d191244973844ee9e411a88792fa8c80d2605efd83da708535f0e39234418b955eb15642a0d4d14e5c7c26e805ed921a2e SHA512 112fafd0841b79a165cee6a94da6d0c6c828b29ef1e3af00f4a12809c5d3bc8fd2a94f6d0cb05f6b487be81a414be42ea64f88e63a4d62fe9bebc9cf946aa94a
-DIST nginx-1.15.5.tar.gz 1024791 BLAKE2B 713373b908c40c5cf676cec7698807a7de0a3ba81e8215b00896f178f2369bdbd01318c688276cf9fea8b9274be75eab0fbf403ac629ca730198eccf363ec92f SHA512 90b3d8148fca183bd3f6d16fd9212e2eedbe13f151c079d67086fca5a9f58256b99a87b4444ee18b1f9fb2b65fbe2d5353985145e1c075b6236b31d0ce7e9051
 DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
-DIST ngx_brotli-0.1.2.tar.gz 12668 BLAKE2B 904d3f28dcf9f2d5a8eefa2ab8ff991e34624897a9932e351ec4cea05f2b0dbee34ea495de2d546510a556fb10041b388be963f28fecfcd7dc8638f950b36fd0 SHA512 661b4ce5cc678600e5df6be7588b0f0d5d914df9a6788c994cebfa25e211720b9e7d2c08fc34eb6a84743ae2929920ebf2888075e122ac23816ab7c0f3ef4b76
 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
@@ -24,13 +18,9 @@ DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd5
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
-DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
 DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
-DIST njs-0.2.2.tar.gz 253349 BLAKE2B 1ca508677a251ff38f5bca01292f2c7d2c41ac1c5d2cffae8b565694cbed9ebb2811b7e8893ea03384810e169ebb0cccfbf51d36166fcbc32e77fb30ba90d664 SHA512 e309b06b66e955873b82ef6c8881c3a98e0cf22e379b292c7561947db34c28990ade5461f42561e73c79c8e1e7914a990a003926054f884551edc16015ac4792
-DIST njs-0.2.3.tar.gz 269695 BLAKE2B 10d5f4ad41b382da8e87ac15ea46db0107e532db68bc3103c27ee0122f9e24fbf61ffdf472baa0ce9c69080abeaf71651d5097acc2a57257099c8e82148ed366 SHA512 0032bc0cb021ca2305164e39a71f7814a4a385cc6079057a53daebe1cd42e78dc6a6d35c7652c38805e8ceb30201333aacce819245a638b8a3779e6f74a2b7a6
-DIST njs-0.2.4.tar.gz 275322 BLAKE2B 78fefb19fcad23295526935c86416b03b53d16f33fde98dea60afe634d5a7dbcf617593ead8d360581b845572625c22325b43d4227128481a04ca5bf8f839724 SHA512 3d8be3442fa90f966c51e3950d75b11f5b5f6c03babe841d5af5c95f1546ce972193840fe19beb70461031c4895425a14faf012d5e755917d703017e9dbf886a
 DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092

diff --git a/www-servers/nginx/files/http_brotli-detect-brotli-r1.patch b/www-servers/nginx/files/http_brotli-detect-brotli-r1.patch
deleted file mode 100644
index 07a869fa096..00000000000
--- a/www-servers/nginx/files/http_brotli-detect-brotli-r1.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-We aren't interested in bundled Brotli.
-
-Use pkg-config to detect Brotli's install path.
-
---- a/config
-+++ b/config
-@@ -59,98 +59,19 @@ have=NGX_HTTP_BROTLI_STATIC_MODULE . auto/have  # deprecated
- ngx_module_type=HTTP_FILTER
- ngx_module_name=ngx_http_brotli_filter_module
- 
--brotli="/usr/local"
-+brotli=$(pkg-config --variable=prefix libbrotlienc)
- 
- if [ ! -f "$brotli/include/brotli/encode.h" ]; then
- 
--brotli="$ngx_addon_dir/deps/brotli/c"
--
--if [ ! -f "$brotli/include/brotli/encode.h" ]; then
- cat << END
- 
- $0: error: \
--Brotli library is missing from the $brotli directory.
--
--Please make sure that the git submodule has been checked out:
--
--    cd $ngx_addon_dir && git submodule update --init && cd $PWD
-+Brotli library not found. Don't you have app-arch/brotli installed?
- 
- END
-     exit 1
- fi
- 
--ngx_module_incs="$brotli/include"
--ngx_module_deps="$brotli/common/constants.h \
--                 $brotli/common/context.h \
--                 $brotli/common/dictionary.h \
--                 $brotli/common/platform.h \
--                 $brotli/common/transform.h \
--                 $brotli/common/version.h \
--                 $brotli/enc/backward_references.h \
--                 $brotli/enc/backward_references_hq.h \
--                 $brotli/enc/backward_references_inc.h \
--                 $brotli/enc/bit_cost.h \
--                 $brotli/enc/bit_cost_inc.h \
--                 $brotli/enc/block_encoder_inc.h \
--                 $brotli/enc/block_splitter.h \
--                 $brotli/enc/block_splitter_inc.h \
--                 $brotli/enc/brotli_bit_stream.h \
--                 $brotli/enc/cluster.h \
--                 $brotli/enc/cluster_inc.h \
--                 $brotli/enc/command.h \
--                 $brotli/enc/compress_fragment.h \
--                 $brotli/enc/compress_fragment_two_pass.h \
--                 $brotli/enc/dictionary_hash.h \
--                 $brotli/enc/encoder_dict.h \
--                 $brotli/enc/entropy_encode.h \
--                 $brotli/enc/entropy_encode_static.h \
--                 $brotli/enc/fast_log.h \
--                 $brotli/enc/find_match_length.h \
--                 $brotli/enc/hash.h \
--                 $brotli/enc/hash_forgetful_chain_inc.h \
--                 $brotli/enc/hash_longest_match64_inc.h \
--                 $brotli/enc/hash_longest_match_inc.h \
--                 $brotli/enc/hash_longest_match_quickly_inc.h \
--                 $brotli/enc/hash_to_binary_tree_inc.h \
--                 $brotli/enc/histogram.h \
--                 $brotli/enc/histogram_inc.h \
--                 $brotli/enc/literal_cost.h \
--                 $brotli/enc/memory.h \
--                 $brotli/enc/metablock.h \
--                 $brotli/enc/metablock_inc.h \
--                 $brotli/enc/params.h \
--                 $brotli/enc/prefix.h \
--                 $brotli/enc/quality.h \
--                 $brotli/enc/ringbuffer.h \
--                 $brotli/enc/static_dict.h \
--                 $brotli/enc/static_dict_lut.h \
--                 $brotli/enc/utf8_util.h \
--                 $brotli/enc/write_bits.h"
--ngx_module_srcs="$brotli/common/dictionary.c \
--                 $brotli/common/transform.c \
--                 $brotli/enc/backward_references.c \
--                 $brotli/enc/backward_references_hq.c \
--                 $brotli/enc/bit_cost.c \
--                 $brotli/enc/block_splitter.c \
--                 $brotli/enc/brotli_bit_stream.c \
--                 $brotli/enc/cluster.c \
--                 $brotli/enc/compress_fragment.c \
--                 $brotli/enc/compress_fragment_two_pass.c \
--                 $brotli/enc/dictionary_hash.c \
--                 $brotli/enc/encode.c \
--                 $brotli/enc/encoder_dict.c \
--                 $brotli/enc/entropy_encode.c \
--                 $brotli/enc/histogram.c \
--                 $brotli/enc/literal_cost.c \
--                 $brotli/enc/memory.c \
--                 $brotli/enc/metablock.c \
--                 $brotli/enc/static_dict.c \
--                 $brotli/enc/utf8_util.c \
--                 $ngx_addon_dir/src/ngx_http_brotli_filter_module.c"
--ngx_module_libs="-lm"
--
--else # encode.h in /usr/local
--
- ngx_module_incs="$brotli/include"
- ngx_module_deps="$brotli/include/brotli/encode.h \
-                  $brotli/include/brotli/port.h \
-@@ -158,8 +79,6 @@ ngx_module_deps="$brotli/include/brotli/encode.h \
- ngx_module_srcs="$ngx_addon_dir/src/ngx_http_brotli_filter_module.c"
- ngx_module_libs="-lbrotlienc -lm"
- 
--fi # encode.h in /usr/local
--
- ngx_module_order="$ngx_module_name \
-                   ngx_pagespeed \
-                   ngx_http_postpone_filter_module \

diff --git a/www-servers/nginx/nginx-1.14.0-r3.ebuild b/www-servers/nginx/nginx-1.14.0-r3.ebuild
deleted file mode 100644
index 9332cae2dbb..00000000000
--- a/www-servers/nginx/nginx-1.14.0-r3.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:mainline"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.1-r1.ebuild b/www-servers/nginx/nginx-1.15.1-r1.ebuild
deleted file mode 100644
index addae4eea24..00000000000
--- a/www-servers/nginx/nginx-1.15.1-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.2-r1.ebuild b/www-servers/nginx/nginx-1.15.2-r1.ebuild
deleted file mode 100644
index 32888e842f4..00000000000
--- a/www-servers/nginx/nginx-1.15.2-r1.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.2.ebuild b/www-servers/nginx/nginx-1.15.2.ebuild
deleted file mode 100644
index 166f5cc1086..00000000000
--- a/www-servers/nginx/nginx-1.15.2.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.2"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.3.ebuild b/www-servers/nginx/nginx-1.15.3.ebuild
deleted file mode 100644
index 32888e842f4..00000000000
--- a/www-servers/nginx/nginx-1.15.3.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.3"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

diff --git a/www-servers/nginx/nginx-1.15.5.ebuild b/www-servers/nginx/nginx-1.15.5.ebuild
deleted file mode 100644
index 1ea681b2bcf..00000000000
--- a/www-servers/nginx/nginx-1.15.5.ebuild
+++ /dev/null
@@ -1,1081 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-# Maintainer notes:
-# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
-# - any http-module activates the main http-functionality and overrides USE=-http
-# - keep the following requirements in mind before adding external modules:
-#	* alive upstream
-#	* sane packaging
-#	* builds cleanly
-#	* does not need a patch for nginx core
-# - TODO: test the google-perftools module (included in vanilla tarball)
-
-# prevent perl-module from adding automagic perl DEPENDs
-GENTOO_DEPEND_ON_PERL="no"
-
-# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
-DEVEL_KIT_MODULE_PV="0.3.0"
-DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
-DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
-DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
-
-# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
-HTTP_BROTLI_MODULE_PV="0.1.2"
-HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
-HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
-
-# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
-HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
-HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
-HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
-HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
-
-# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
-HTTP_HEADERS_MORE_MODULE_PV="0.33"
-HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
-HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
-HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
-
-# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
-HTTP_CACHE_PURGE_MODULE_PV="2.3"
-HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
-HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
-
-# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
-HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
-HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
-HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
-
-# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
-HTTP_FANCYINDEX_MODULE_PV="0.4.3"
-HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
-HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
-
-# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
-HTTP_LUA_MODULE_PV="0.10.13"
-HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
-HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
-HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
-
-# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
-HTTP_AUTH_PAM_MODULE_PV="1.5.1"
-HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
-HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
-HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
-
-# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
-HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
-HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
-HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
-
-# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
-HTTP_METRICS_MODULE_PV="0.1.1"
-HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
-HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
-
-# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
-HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
-
-# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
-HTTP_NAXSI_MODULE_PV="0.56"
-HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
-HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
-HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
-
-# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
-RTMP_MODULE_PV="1.2.1"
-RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
-RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
-RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
-
-# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
-HTTP_DAV_EXT_MODULE_PV="0.1.0"
-HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
-HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
-HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
-
-# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
-HTTP_ECHO_MODULE_PV="0.61"
-HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
-HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
-HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
-
-# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
-# keep the MODULE_P here consistent with upstream to avoid tarball duplication
-HTTP_SECURITY_MODULE_PV="2.9.2"
-HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
-HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
-HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
-
-# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
-HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
-HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
-HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
-HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
-
-# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
-HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
-HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
-HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
-HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
-
-# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
-HTTP_MOGILEFS_MODULE_PV="1.0.4"
-HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
-HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
-
-# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
-HTTP_MEMC_MODULE_PV="0.19"
-HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
-HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
-HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
-
-# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
-HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
-HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
-HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
-
-# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
-GEOIP2_MODULE_PV="2.0"
-GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
-GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
-
-# njs-module (https://github.com/nginx/njs, as-is)
-NJS_MODULE_PV="0.2.4"
-NJS_MODULE_P="njs-${NJS_MODULE_PV}"
-NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
-NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
-
-# We handle deps below ourselves
-SSL_DEPS_SKIP=1
-AUTOTOOLS_AUTO_DEPEND="no"
-
-inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
-
-DESCRIPTION="Robust, small and high performance http and reverse proxy server"
-HOMEPAGE="https://nginx.org"
-SRC_URI="https://nginx.org/download/${P}.tar.gz
-	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
-	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
-	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
-	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
-	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
-	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
-	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
-	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
-	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
-	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
-	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
-	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
-	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
-	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
-	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
-	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
-	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
-	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
-	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
-	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
-	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
-	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
-	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
-	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
-
-LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
-	nginx_modules_http_security? ( Apache-2.0 )
-	nginx_modules_http_push_stream? ( GPL-3 )"
-
-SLOT="mainline"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
-
-# Package doesn't provide a real test suite
-RESTRICT="test"
-
-NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
-	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
-	proxy referer rewrite scgi ssi split_clients upstream_hash
-	upstream_ip_hash upstream_keepalive upstream_least_conn
-	upstream_zone userid uwsgi"
-NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
-	gzip_static image_filter mp4 perl random_index realip secure_link
-	slice stub_status sub xslt"
-NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
-	upstream_hash upstream_least_conn upstream_zone"
-NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
-NGINX_MODULES_MAIL="imap pop3 smtp"
-NGINX_MODULES_3RD="
-	http_auth_ldap
-	http_auth_pam
-	http_brotli
-	http_cache_purge
-	http_dav_ext
-	http_echo
-	http_fancyindex
-	http_geoip2
-	http_headers_more
-	http_javascript
-	http_lua
-	http_memc
-	http_metrics
-	http_mogilefs
-	http_naxsi
-	http_push_stream
-	http_security
-	http_slowfs_cache
-	http_sticky
-	http_upload_progress
-	http_upstream_check
-	http_vhost_traffic_status
-	stream_geoip2
-	stream_javascript
-"
-
-IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
-	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
-
-for mod in $NGINX_MODULES_STD; do
-	IUSE="${IUSE} +nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_OPT; do
-	IUSE="${IUSE} nginx_modules_http_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_STD; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_STREAM_OPT; do
-	IUSE="${IUSE} nginx_modules_stream_${mod}"
-done
-
-for mod in $NGINX_MODULES_MAIL; do
-	IUSE="${IUSE} nginx_modules_mail_${mod}"
-done
-
-for mod in $NGINX_MODULES_3RD; do
-	IUSE="${IUSE} nginx_modules_${mod}"
-done
-
-# Add so we can warn users updating about config changes
-# @TODO: jbergstroem: remove on next release series
-IUSE="${IUSE} nginx_modules_http_spdy"
-
-CDEPEND="
-	pcre? ( dev-libs/libpcre:= )
-	pcre-jit? ( dev-libs/libpcre:=[jit] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http2? (
-		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
-		libressl? ( dev-libs/libressl:= )
-	)
-	http-cache? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_brotli? ( app-arch/brotli:= )
-	nginx_modules_http_geoip? ( dev-libs/geoip )
-	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
-	nginx_modules_http_gunzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip? ( sys-libs/zlib )
-	nginx_modules_http_gzip_static? ( sys-libs/zlib )
-	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
-	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
-	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
-	nginx_modules_http_secure_link? (
-		userland_GNU? (
-			!libressl? ( dev-libs/openssl:0= )
-			libressl? ( dev-libs/libressl:= )
-		)
-	)
-	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
-	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
-	nginx_modules_http_auth_pam? ( virtual/pam )
-	nginx_modules_http_metrics? ( dev-libs/yajl:= )
-	nginx_modules_http_dav_ext? ( dev-libs/expat )
-	nginx_modules_http_security? (
-		dev-libs/apr:=
-		dev-libs/apr-util:=
-		dev-libs/libxml2:=
-		net-misc/curl
-		www-servers/apache
-	)
-	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
-	nginx_modules_stream_geoip? ( dev-libs/geoip )
-	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-nginx )
-	!www-servers/nginx:0"
-DEPEND="${CDEPEND}
-	nginx_modules_http_brotli? ( virtual/pkgconfig )
-	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
-	arm? ( dev-libs/libatomic_ops )
-	libatomic? ( dev-libs/libatomic_ops )"
-PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
-
-REQUIRED_USE="pcre-jit? ( pcre )
-	nginx_modules_http_grpc? ( http2 )
-	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
-	nginx_modules_http_naxsi? ( pcre )
-	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
-	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
-	nginx_modules_http_security? ( pcre )
-	nginx_modules_http_push_stream? ( ssl )"
-
-pkg_setup() {
-	NGINX_HOME="/var/lib/nginx"
-	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
-
-	ebegin "Creating nginx user and group"
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
-	eend $?
-
-	if use libatomic; then
-		ewarn "GCC 4.1+ features built-in atomic operations."
-		ewarn "Using libatomic_ops is only needed if using"
-		ewarn "a different compiler or a GCC prior to 4.1"
-	fi
-
-	if [[ -n $NGINX_ADD_MODULES ]]; then
-		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
-		ewarn "This nginx installation is not supported!"
-		ewarn "Make sure you can reproduce the bug without those modules"
-		ewarn "_before_ reporting bugs."
-	fi
-
-	if use !http; then
-		ewarn "To actually disable all http-functionality you also have to disable"
-		ewarn "all nginx http modules."
-	fi
-
-	if use nginx_modules_http_mogilefs && use threads; then
-		eerror "mogilefs won't compile with threads support."
-		eerror "Please disable either flag and try again."
-		die "Can't compile mogilefs with threads support"
-	fi
-}
-
-src_prepare() {
-	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
-	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
-
-	if use nginx_modules_http_brotli; then
-		cd "${HTTP_BROTLI_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		eautoreconf
-
-		if use luajit ; then
-			sed -i \
-				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
-				configure || die
-		fi
-
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_upload_progress; then
-		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
-		cd "${S}" || die
-	fi
-
-	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
-	# We have config protection, don't rename etc files
-	sed -i 's:.default::' auto/install || die
-	# remove useless files
-	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
-
-	# don't install to /etc/nginx/ if not in use
-	local module
-	for module in fastcgi scgi uwsgi ; do
-		if ! use nginx_modules_http_${module}; then
-			sed -i -e "/${module}/d" auto/install || die
-		fi
-	done
-
-	eapply_user
-}
-
-src_configure() {
-	# mod_security needs to generate nginx/modsecurity/config before including it
-	if use nginx_modules_http_security; then
-		cd "${HTTP_SECURITY_MODULE_WD}" || die
-
-		./configure \
-			--enable-standalone-module \
-			--disable-mlogc \
-			--with-ssdeep=no \
-			$(use_enable pcre-jit) \
-			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
-
-		cd "${S}" || die
-	fi
-
-	local myconf=() http_enabled= mail_enabled= stream_enabled=
-
-	use aio       && myconf+=( --with-file-aio )
-	use debug     && myconf+=( --with-debug )
-	use http2     && myconf+=( --with-http_v2_module )
-	use libatomic && myconf+=( --with-libatomic )
-	use pcre      && myconf+=( --with-pcre )
-	use pcre-jit  && myconf+=( --with-pcre-jit )
-	use threads   && myconf+=( --with-threads )
-
-	# HTTP modules
-	for mod in $NGINX_MODULES_STD; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-		else
-			myconf+=( --without-http_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_OPT; do
-		if use nginx_modules_http_${mod}; then
-			http_enabled=1
-			myconf+=( --with-http_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_http_fastcgi; then
-		myconf+=( --with-http_realip_module )
-	fi
-
-	# third-party modules
-	if use nginx_modules_http_upload_progress; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_headers_more; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_lua; then
-		http_enabled=1
-		if use luajit; then
-			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
-			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
-		else
-			export LUA_LIB=$(pkg-config --variable libdir lua)
-			export LUA_INC=$(pkg-config --variable includedir lua)
-		fi
-		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
-		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_metrics; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_naxsi ; then
-		http_enabled=1
-		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
-	fi
-
-	if use rtmp ; then
-		http_enabled=1
-		myconf+=( --add-module=${RTMP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_dav_ext ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_echo ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_security ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
-	fi
-
-	if use nginx_modules_http_push_stream ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_sticky ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_mogilefs ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_memc ; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_vhost_traffic_status; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
-		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
-	fi
-
-	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
-		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
-	fi
-
-	if use nginx_modules_http_brotli; then
-		http_enabled=1
-		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
-	fi
-
-	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
-		http_enabled=1
-	fi
-
-	if [ $http_enabled ]; then
-		use http-cache || myconf+=( --without-http-cache )
-		use ssl && myconf+=( --with-http_ssl_module )
-	else
-		myconf+=( --without-http --without-http-cache )
-	fi
-
-	# Stream modules
-	for mod in $NGINX_MODULES_STREAM_STD; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-		else
-			myconf+=( --without-stream_${mod}_module )
-		fi
-	done
-
-	for mod in $NGINX_MODULES_STREAM_OPT; do
-		if use nginx_modules_stream_${mod}; then
-			stream_enabled=1
-			myconf+=( --with-stream_${mod}_module )
-		fi
-	done
-
-	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
-		stream_enabled=1
-	fi
-
-	if [ $stream_enabled ]; then
-		myconf+=( --with-stream )
-		use ssl && myconf+=( --with-stream_ssl_module )
-	fi
-
-	# MAIL modules
-	for mod in $NGINX_MODULES_MAIL; do
-		if use nginx_modules_mail_${mod}; then
-			mail_enabled=1
-		else
-			myconf+=( --without-mail_${mod}_module )
-		fi
-	done
-
-	if [ $mail_enabled ]; then
-		myconf+=( --with-mail )
-		use ssl && myconf+=( --with-mail_ssl_module )
-	fi
-
-	# custom modules
-	for mod in $NGINX_ADD_MODULES; do
-		myconf+=(  --add-module=${mod} )
-	done
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	tc-export CC
-
-	if ! use prefix; then
-		myconf+=( --user=${PN} )
-		myconf+=( --group=${PN} )
-	fi
-
-	local WITHOUT_IPV6=
-	if ! use ipv6; then
-		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
-	fi
-
-	if [[ -n "${EXTRA_ECONF}" ]]; then
-		myconf+=( ${EXTRA_ECONF} )
-		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
-	fi
-
-	./configure \
-		--prefix="${EPREFIX}"/usr \
-		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
-		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
-		--pid-path="${EPREFIX}"/run/${PN}.pid \
-		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
-		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
-		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
-		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
-		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
-		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
-		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
-		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
-		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
-		--with-compat \
-		"${myconf[@]}" || die "configure failed"
-
-	# A purely cosmetic change that makes nginx -V more readable. This can be
-	# good if people outside the gentoo community would troubleshoot and
-	# question the users setup.
-	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
-}
-
-src_compile() {
-	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
-
-	# https://bugs.gentoo.org/286772
-	export LANG=C LC_ALL=C
-	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
-}
-
-src_install() {
-	emake DESTDIR="${D%/}" install
-
-	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
-
-	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
-	newconfd "${FILESDIR}"/nginx.confd nginx
-
-	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
-
-	doman man/nginx.8
-	dodoc CHANGES* README
-
-	# just keepdir. do not copy the default htdocs files (bug #449136)
-	keepdir /var/www/localhost
-	rm -rf "${D}"usr/html || die
-
-	# set up a list of directories to keep
-	local keepdir_list="${NGINX_HOME_TMP}"/client
-	local module
-	for module in proxy fastcgi scgi uwsgi; do
-		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
-	done
-
-	keepdir /var/log/nginx ${keepdir_list}
-
-	# this solves a problem with SELinux where nginx doesn't see the directories
-	# as root and tries to create them as nginx
-	fperms 0750 "${NGINX_HOME_TMP}"
-	fowners ${PN}:0 "${NGINX_HOME_TMP}"
-
-	fperms 0700 ${keepdir_list}
-	fowners ${PN}:${PN} ${keepdir_list}
-
-	fperms 0710 /var/log/nginx
-	fowners 0:${PN} /var/log/nginx
-
-	# logrotate
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
-
-	if use nginx_modules_http_perl; then
-		cd "${S}"/objs/src/http/modules/perl/ || die
-		emake DESTDIR="${D}" INSTALLDIRS=vendor
-		perl_delete_localpod
-		cd "${S}" || die
-	fi
-
-	if use nginx_modules_http_cache_purge; then
-		docinto ${HTTP_CACHE_PURGE_MODULE_P}
-		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
-	fi
-
-	if use nginx_modules_http_slowfs_cache; then
-		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
-		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
-	fi
-
-	if use nginx_modules_http_fancyindex; then
-		docinto ${HTTP_FANCYINDEX_MODULE_P}
-		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_lua; then
-		docinto ${HTTP_LUA_MODULE_P}
-		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_pam; then
-		docinto ${HTTP_AUTH_PAM_MODULE_P}
-		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
-	fi
-
-	if use nginx_modules_http_upstream_check; then
-		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
-		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
-	fi
-
-	if use nginx_modules_http_naxsi; then
-		insinto /etc/nginx
-		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
-	fi
-
-	if use rtmp; then
-		docinto ${RTMP_MODULE_P}
-		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
-	fi
-
-	if use nginx_modules_http_dav_ext; then
-		docinto ${HTTP_DAV_EXT_MODULE_P}
-		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
-	fi
-
-	if use nginx_modules_http_echo; then
-		docinto ${HTTP_ECHO_MODULE_P}
-		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_security; then
-		docinto ${HTTP_SECURITY_MODULE_P}
-		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
-	fi
-
-	if use nginx_modules_http_push_stream; then
-		docinto ${HTTP_PUSH_STREAM_MODULE_P}
-		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
-	fi
-
-	if use nginx_modules_http_sticky; then
-		docinto ${HTTP_STICKY_MODULE_P}
-		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
-	fi
-
-	if use nginx_modules_http_memc; then
-		docinto ${HTTP_MEMC_MODULE_P}
-		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
-	fi
-
-	if use nginx_modules_http_auth_ldap; then
-		docinto ${HTTP_LDAP_MODULE_P}
-		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
-	fi
-}
-
-pkg_postinst() {
-	if use ssl; then
-		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
-			install_cert /etc/ssl/${PN}/${PN}
-			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
-		fi
-	fi
-
-	if use nginx_modules_http_spdy; then
-		ewarn ""
-		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
-		ewarn "Update your configs and package.use accordingly."
-	fi
-
-	if use nginx_modules_http_lua; then
-		ewarn ""
-		ewarn "While you can build lua 3rd party module against ${P}"
-		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
-		ewarn "officially supported target yet. You are on your own."
-		ewarn "Expect runtime failures, memory leaks and other problems!"
-	fi
-
-	if use nginx_modules_http_lua && use http2; then
-		ewarn ""
-		ewarn "Lua 3rd party module author warns against using ${P} with"
-		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
-	fi
-
-	local _n_permission_layout_checks=0
-	local _has_to_adjust_permissions=0
-	local _has_to_show_permission_warning=0
-
-	# Defaults to 1 to inform people doing a fresh installation
-	# that we ship modified {scgi,uwsgi,fastcgi}_params files
-	local _has_to_show_httpoxy_mitigation_notice=1
-
-	local _replacing_version=
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
-
-		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
-			# Should never happen:
-			# Package is abusing slots but doesn't allow multiple parallel installations.
-			# If we run into this situation it is unsafe to automatically adjust any
-			# permission...
-			_has_to_show_permission_warning=1
-
-			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
-				"You will have to adjust permissions on your own."
-
-			break
-		fi
-
-		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
-		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
-
-		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
-		# This was before we introduced multiple nginx versions so we
-		# do not need to distinguish between stable and mainline
-		local _need_to_fix_CVE2013_0337=1
-
-		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
-			# We are updating an installation which should already be fixed
-			_need_to_fix_CVE2013_0337=0
-			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
-		else
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
-		fi
-
-		# Do we need to inform about HTTPoxy mitigation?
-		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_show_httpoxy_mitigation_notice=1
-			debug-print "Need to inform about HTTPoxy mitigation!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.1-r2"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.3-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that the user has
-					# already seen the HTTPoxy mitigation notice because he/she is doing
-					# an update from previous version where we have already shown
-					# the warning. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation where we already informed
-				# that we are mitigating HTTPoxy per default
-				_has_to_show_httpoxy_mitigation_notice=0
-				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
-			else
-				_has_to_show_httpoxy_mitigation_notice=1
-				debug-print "Need to inform about HTTPoxy mitigation!"
-			fi
-		fi
-
-		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
-		# All branches up to 1.11 are affected
-		local _need_to_fix_CVE2016_1247=1
-
-		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
-			# Updating from <1.10
-			_has_to_adjust_permissions=1
-			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-		else
-			# Updating from >=1.10
-			local _fixed_in_pvr=
-			case "${_replacing_version_branch}" in
-				"1.10")
-					_fixed_in_pvr="1.10.2-r3"
-					;;
-				"1.11")
-					_fixed_in_pvr="1.11.6-r1"
-					;;
-				*)
-					# This should be any future branch.
-					# If we run this code it is safe to assume that we have already
-					# adjusted permissions or were never affected because user is
-					# doing an update from previous version which was safe or did
-					# the adjustments. Otherwise, we wouldn't hit this code path ...
-					_fixed_in_pvr=
-			esac
-
-			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
-				# We are updating an installation which should already be adjusted
-				# or which was never affected
-				_need_to_fix_CVE2016_1247=0
-				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
-			else
-				_has_to_adjust_permissions=1
-				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
-			fi
-		fi
-	done
-
-	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
-		# We do not DIE when chmod/chown commands are failing because
-		# package is already merged on user's system at this stage
-		# and we cannot retry without losing the information that
-		# the existing installation needs to adjust permissions.
-		# Instead we are going to a show a big warning ...
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The world-readable bit (if set) has been removed from the"
-			ewarn "following directories to mitigate a security bug"
-			ewarn "(CVE-2013-0337, bug #458726):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
-			chmod o-rwx \
-				"${EPREFIX%/}"/var/log/nginx \
-				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
-				_has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
-			ewarn ""
-			ewarn "The permissions on the following directory have been reset in"
-			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
-			ewarn ""
-			ewarn "  ${EPREFIX%/}/var/log/nginx"
-			ewarn ""
-			ewarn "Check if this is correct for your setup before restarting nginx!"
-			ewarn "Also ensure that no other log directory used by any of your"
-			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-			ewarn "used by nginx can be abused to escalate privileges!"
-			ewarn "This is a one-time change and will not happen on subsequent updates."
-			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
-		fi
-
-		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
-			# Should never happen ...
-			ewarn ""
-			ewarn "*************************************************************"
-			ewarn "***************         W A R N I N G         ***************"
-			ewarn "*************************************************************"
-			ewarn "The one-time only attempt to adjust permissions of the"
-			ewarn "existing nginx installation failed. Be aware that we will not"
-			ewarn "try to adjust the same permissions again because now you are"
-			ewarn "using a nginx version where we expect that the permissions"
-			ewarn "are already adjusted or that you know what you are doing and"
-			ewarn "want to keep custom permissions."
-			ewarn ""
-		fi
-	fi
-
-	# Sanity check for CVE-2016-1247
-	# Required to warn users who received the warning above and thought
-	# they could fix it by unmerging and re-merging the package or have
-	# unmerged a affected installation on purpose in the past leaving
-	# /var/log/nginx on their system due to keepdir/non-empty folder
-	# and are now installing the package again.
-	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
-	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
-	if [ $? -eq 0 ] ; then
-		# Cleanup -- no reason to die here!
-		rm -f "${_sanity_check_testfile}"
-
-		ewarn ""
-		ewarn "*************************************************************"
-		ewarn "***************         W A R N I N G         ***************"
-		ewarn "*************************************************************"
-		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
-		ewarn "(bug #605008) because nginx user is able to create files in"
-		ewarn ""
-		ewarn "  ${EPREFIX%/}/var/log/nginx"
-		ewarn ""
-		ewarn "Also ensure that no other log directory used by any of your"
-		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
-		ewarn "used by nginx can be abused to escalate privileges!"
-	fi
-
-	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
-		# HTTPoxy mitigation
-		ewarn ""
-		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
-		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
-		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
-		ewarn "are sourcing one of the default"
-		ewarn ""
-		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
-		ewarn "  - 'scgi_params'"
-		ewarn "  - 'uwsgi_params'"
-		ewarn ""
-		ewarn "files in your server block(s)."
-		ewarn ""
-		ewarn "If this is causing any problems for you make sure that you are sourcing the"
-		ewarn "default parameters _before_ you set your own values."
-		ewarn "If you are relying on user-supplied proxy values you have to remove the"
-		ewarn "correlating lines from the file(s) mentioned above."
-		ewarn ""
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     4a33b110e36087f1a5e43e47dd846f7bf26b4414
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 13 15:37:16 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 15:39:29 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a33b110

www-servers/nginx: http_auth_pam: adjust loglevel for auth failures

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...just-loglevel-for-authentication-failures.patch | 22 ++++++++++++++++++++++
 ...{nginx-1.14.2.ebuild => nginx-1.14.2-r1.ebuild} |  6 ++++++
 ...{nginx-1.15.7.ebuild => nginx-1.15.7-r1.ebuild} |  6 ++++++
 3 files changed, 34 insertions(+)

diff --git a/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch b/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
new file mode 100644
index 00000000000..632dcdee50e
--- /dev/null
+++ b/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
@@ -0,0 +1,22 @@
+https://github.com/sto/ngx_http_auth_pam_module/pull/18
+
+--- a/ngx_http_auth_pam_module.c
++++ b/ngx_http_auth_pam_module.c
+@@ -348,7 +348,7 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
+     /* try to authenticate user, log error on failure */
+     if ((rc = pam_authenticate(pamh,
+                                PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
+-        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
++        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                       "PAM: user '%s' - not authenticated: %s",
+                       ainfo.username.data, pam_strerror(pamh, rc));
+         pam_end(pamh, PAM_SUCCESS);
+@@ -357,7 +357,7 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
+ 
+     /* check that the account is healthy */
+     if ((rc = pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
+-        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
++        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                       "PAM: user '%s'  - invalid account: %s",
+                       ainfo.username.data, pam_strerror(pamh, rc));
+         pam_end(pamh, PAM_SUCCESS);

diff --git a/www-servers/nginx/nginx-1.14.2.ebuild b/www-servers/nginx/nginx-1.14.2-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.14.2.ebuild
rename to www-servers/nginx/nginx-1.14.2-r1.ebuild
index 66b09925f1e..08100e45578 100644
--- a/www-servers/nginx/nginx-1.14.2.ebuild
+++ b/www-servers/nginx/nginx-1.14.2-r1.ebuild
@@ -381,6 +381,12 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch

diff --git a/www-servers/nginx/nginx-1.15.7.ebuild b/www-servers/nginx/nginx-1.15.7-r1.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.15.7.ebuild
rename to www-servers/nginx/nginx-1.15.7-r1.ebuild
index e873f4b5416..6fbcd2eaad4 100644
--- a/www-servers/nginx/nginx-1.15.7.ebuild
+++ b/www-servers/nginx/nginx-1.15.7-r1.ebuild
@@ -381,6 +381,12 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
+	if use nginx_modules_http_auth_pam; then
+		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+		cd "${S}" || die
+	fi
+
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Thomas Deutschmann]

commit:     e3bd72e8a4c33582860aa2ebcb578af80c5fcbb2
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 00:07:12 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 00:07:21 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3bd72e8

www-servers/nginx: drop http_auth_pam patch

...now included in upstream release.

Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...just-loglevel-for-authentication-failures.patch | 22 ----------------
 .../nginx/files/http_brotli-detect-brotli-r2.patch | 30 ----------------------
 www-servers/nginx/nginx-1.18.0-r2.ebuild           |  6 -----
 www-servers/nginx/nginx-1.19.2-r1.ebuild           |  6 -----
 4 files changed, 64 deletions(-)

diff --git a/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch b/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
deleted file mode 100644
index 632dcdee50e..00000000000
--- a/www-servers/nginx/files/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://github.com/sto/ngx_http_auth_pam_module/pull/18
-
---- a/ngx_http_auth_pam_module.c
-+++ b/ngx_http_auth_pam_module.c
-@@ -348,7 +348,7 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
-     /* try to authenticate user, log error on failure */
-     if ((rc = pam_authenticate(pamh,
-                                PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
--        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                       "PAM: user '%s' - not authenticated: %s",
-                       ainfo.username.data, pam_strerror(pamh, rc));
-         pam_end(pamh, PAM_SUCCESS);
-@@ -357,7 +357,7 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r,
- 
-     /* check that the account is healthy */
-     if ((rc = pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
--        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                       "PAM: user '%s'  - invalid account: %s",
-                       ainfo.username.data, pam_strerror(pamh, rc));
-         pam_end(pamh, PAM_SUCCESS);

diff --git a/www-servers/nginx/files/http_brotli-detect-brotli-r2.patch b/www-servers/nginx/files/http_brotli-detect-brotli-r2.patch
deleted file mode 100644
index 8774fa60d1c..00000000000
--- a/www-servers/nginx/files/http_brotli-detect-brotli-r2.patch
+++ /dev/null
@@ -1,30 +0,0 @@
---- a/config
-+++ b/config
-@@ -59,13 +59,7 @@ have=NGX_HTTP_BROTLI_STATIC_MODULE . auto/have  # deprecated
- ngx_module_type=HTTP_FILTER
- ngx_module_name=ngx_http_brotli_filter_module
- 
--brotli="/usr/local"
--
--if [  -f "/usr/include/brotli/encode.h" ]; then
--
--brotli="/usr"
--
--fi
-+brotli=$(pkg-config --variable=prefix libbrotlienc)
- 
- if [ ! -f "$brotli/include/brotli/encode.h" ]; then
- 
-@@ -75,11 +69,7 @@ if [ ! -f "$brotli/include/brotli/encode.h" ]; then
- cat << END
- 
- $0: error: \
--Brotli library is missing from the $brotli directory.
--
--Please make sure that the git submodule has been checked out:
--
--    cd $ngx_addon_dir && git submodule update --init && cd $PWD
-+Brotli library not found. Don't you have app-arch/brotli installed?
- 
- END
-     exit 1

diff --git a/www-servers/nginx/nginx-1.18.0-r2.ebuild b/www-servers/nginx/nginx-1.18.0-r2.ebuild
index e69e9dc9c5d..c4aa1254fc9 100644
--- a/www-servers/nginx/nginx-1.18.0-r2.ebuild
+++ b/www-servers/nginx/nginx-1.18.0-r2.ebuild
@@ -385,12 +385,6 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch

diff --git a/www-servers/nginx/nginx-1.19.2-r1.ebuild b/www-servers/nginx/nginx-1.19.2-r1.ebuild
index 541a05f9b06..a23f3375b04 100644
--- a/www-servers/nginx/nginx-1.19.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.19.2-r1.ebuild
@@ -385,12 +385,6 @@ src_prepare() {
 	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
 	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
 
-	if use nginx_modules_http_auth_pam; then
-		cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
-		eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
-		cd "${S}" || die
-	fi
-
 	if use nginx_modules_http_brotli; then
 		cd "${HTTP_BROTLI_MODULE_WD}" || die
 		eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Conrad Kostecki]

commit:     fef9c212cc857654acea385e37a492e818e3d417
Author:     Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Mon Jul 11 13:37:11 2022 +0000
Commit:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Jul 13 19:01:59 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fef9c212

www-servers/nginx: bump to 1.23.0

Bug: https://bugs.gentoo.org/838247
Closes: https://bugs.gentoo.org/852953
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/26347
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>

 www-servers/nginx/Manifest                         |    6 +
 .../files/http_headers_more-nginx-1.23.0.patch     |  187 ++++
 .../nginx/files/http_sticky-nginx-1.23.0.patch     |   25 +
 .../files/http_uploadprogress-nginx-1.23.0.patch   |   74 ++
 www-servers/nginx/nginx-1.23.0.ebuild              | 1028 ++++++++++++++++++++
 5 files changed, 1320 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index af5566fb23fa..c19149f8e8c0 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,5 +1,6 @@
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.21.6.tar.gz 1073364 BLAKE2B 815d035df33bd947eec41a2f5c993d1f179aa0bd4d069280916aa089a2f96fd3bada7a7192b4a0ef7b8f43036f3a2def0e93d8c8f720dd7145a5d55ea058652f SHA512 10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4
+DIST nginx-1.23.0.tar.gz 1102940 BLAKE2B 375e63449dda4bb8df3535cc3f31bede03bf6cdc374c46fe5f5e1107fbf9e829d15f329123bd19d96f8236ca665cde3000366967372193fc023a3212bac562a9 SHA512 c76619e42e7715898cce7e13f5672b36e9d9401f815d912a453aae8364b6f8a4365e3cc6858a333bf68ebea1191f0ad38136f2d1832facc9acbf6c8a883999cd
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -11,11 +12,15 @@ DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d47
 DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
 DIST ngx_http_geoip2_module-3.3.tar.gz 8509 BLAKE2B 4841e1bdd13b9b85f34732d1eb7447638f62bb09e1bd480da0fa8b0085d3b2d90a740732ef534c355feb71d7db613c73f68a4e6e3624b47a0937be046dfa1f8d SHA512 06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0
 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
+DIST ngx_http_headers_more-d502e41996d24a382bd9c632e3ae3efa0a5fca66.tar.gz 28810 BLAKE2B cb71e6b8a9da6c72bc542e837391e932c5803d52cbf01eab0b70f501b620d7de03009a25d10e9ba9de46a6c9ffca109b50dea47cded687412eb55210ba6e68c8 SHA512 80193f95f9754b1d6fb784cde6b4c4d6f72b5cff406c26329a93ad87a5833cd87ef7a8113d719bbe6913fd8e1fb29f438fa81e6dada8c0fc39bf0f2e47fe08ae
 DIST ngx_http_lua-0.10.15.tar.gz 655110 BLAKE2B 73bf8e2f157c93f3d4e54b5aa63deb266731a10e3e48b2257756efee8d752e86440ca9c27bd27bc1d90075a5ffb58772eecb7c445db44cd055d2b9e0b4bac082 SHA512 1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7
+DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
+DIST ngx_http_push_stream-8c02220d484d7848bc8e3a6d9b1c616987e86f66.tar.gz 196994 BLAKE2B 90baeb4fb03aeb309bcf1a987420067ca81843ff9b85b8fc26ba703741571e631826e5928a439a3ae79f2f5e369a3acb2cd803789308642ae757d67722ac7f33 SHA512 ad5424d65909d1cf0c2b64d7a4bc3123f4d3e240f1c9d611f6b6fc41167d169f474c723b1c327d42bd295f973a6365ad32e3f095b8c7c7cddc7e54aea138ca31
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a008339d2f80f123630fd314f705224c8f1c7d0c90bb4d31a24aaa95df55c9022838179114a031731a894992960aecc727635e0e2a0761d2c4 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c
+DIST ngx_http_upload_progress-68b3ab3b64a0cee7f785d161401c8be357bbed12.tar.gz 17379 BLAKE2B 4790657b3f207eca460a26f5c4d1139dcd495e29fffedab8d716105e6dc3039cbeeecf5f6005d364470951e25b472860b46e3e08bc9573a5a7b4a23f53532f8a SHA512 6603e15aa33edca5e647fd04b4f008f1729c78c527be262ef481890f37a6d57e89609cebfb7459fad18b249024fbe3722e09473987401e8d8dfdd7cf50e4df4f
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
 DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
@@ -23,3 +28,4 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.7.2.tar.gz 584483 BLAKE2B 98f28e599f73aaacf2c155dd2a630b8dec9767725e47e6d93de05fb15b854277cd2fcc38ec915d8b04a769d40513725fe2061054521fed73967a6d61f04ce8e1 SHA512 7ff9c8f4e8cf1a3aeb0f2ed9f37e2b3f4966812966d1aca17dae8b454dd7fa725ccdc631b7dc1f3434f588e589f4cd419b9e087f3c745cd6ca092a683c92d82f
+DIST njs-0.7.5.tar.gz 592998 BLAKE2B 7e1178f928320741eb3af4a4b8692b061c9d223e2f905f2fb2b9f604924e7586f0fa4dc7dbdef9965f5f74f9a87bb87fc5550135ffe084aa71b25bebef5387fc SHA512 e33dbb285ff6216acddcd213fdbd73ffadd5730680bcec742b1598fa57b4d100da32c913b1c2648b3e87867fc29bf11075d70fa5655f85c62e42eb0a48d177f1

diff --git a/www-servers/nginx/files/http_headers_more-nginx-1.23.0.patch b/www-servers/nginx/files/http_headers_more-nginx-1.23.0.patch
new file mode 100644
index 000000000000..4c06315323f3
--- /dev/null
+++ b/www-servers/nginx/files/http_headers_more-nginx-1.23.0.patch
@@ -0,0 +1,187 @@
+diff --git a/src/ngx_http_headers_more_headers_in.c b/src/ngx_http_headers_more_headers_in.c
+index c3eb8f7..84c7525 100644
+--- a/src/ngx_http_headers_more_headers_in.c
++++ b/src/ngx_http_headers_more_headers_in.c
+@@ -158,9 +158,15 @@ static ngx_http_headers_more_set_header_t ngx_http_headers_more_set_handlers[]
+                  ngx_http_set_builtin_header },
+ #endif
+ 
++#if defined(nginx_version) && nginx_version >= 1023000
++    { ngx_string("Cookie"),
++                 offsetof(ngx_http_headers_in_t, cookie),
++                 ngx_http_set_builtin_multi_header },
++#else
+     { ngx_string("Cookie"),
+                  offsetof(ngx_http_headers_in_t, cookies),
+                  ngx_http_set_builtin_multi_header },
++#endif
+ 
+     { ngx_null_string, 0, ngx_http_set_header }
+ };
+diff --git a/.travis.yml b/.travis.yml
+index 9748a99..bf40b31 100644
+--- a/.travis.yml
++++ b/.travis.yml
+@@ -23,6 +23,7 @@ env:
+   matrix:
+     - NGINX_VERSION=1.19.3
+     - NGINX_VERSION=1.19.9
++    - NGINX_VERSION=1.23.0
+ 
+ before_install:
+   - sudo apt-get update -y
+@@ -51,3 +52,4 @@ script:
+   - export NGX_BUILD_CC=$CC
+   - sh util/build.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1)
+   - prove -I. -r t
++
+diff --git a/src/ngx_http_headers_more_headers_in.c b/src/ngx_http_headers_more_headers_in.c
+index 84c7525..11447ce 100644
+--- a/src/ngx_http_headers_more_headers_in.c
++++ b/src/ngx_http_headers_more_headers_in.c
+@@ -758,6 +758,50 @@ static ngx_int_t
+ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
+     ngx_http_headers_more_header_val_t *hv, ngx_str_t *value)
+ {
++#if defined(nginx_version) && nginx_version >= 1023000
++    ngx_table_elt_t  **headers, **ph, *h;
++    int                nelts;
++
++    if (r->headers_out.status == 400 || r->headers_in.headers.last == NULL) {
++        /* must be a 400 Bad Request */
++        return NGX_OK;
++    }
++
++    headers = (ngx_table_elt_t **) ((char *) &r->headers_in + hv->offset);
++
++    if (*headers) {
++        nelts = 0;
++        for (h = *headers; h; h = h->next) {
++            nelts++;
++        }
++
++        *headers = NULL;
++
++        dd("clear multi-value headers: %d", nelts);
++    }
++
++    if (ngx_http_set_header_helper(r, hv, value, &h) == NGX_ERROR) {
++        return NGX_ERROR;
++    }
++
++    if (value->len == 0) {
++        return NGX_OK;
++    }
++
++    dd("new multi-value header: %p", h);
++
++    if (*headers) {
++        for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
++        *ph = h;
++
++    } else {
++        *headers = h;
++    }
++
++    h->next = NULL;
++
++    return NGX_OK;
++#else
+     ngx_array_t       *headers;
+     ngx_table_elt_t  **v, *h;
+ 
+@@ -810,6 +854,7 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
+ 
+     *v = h;
+     return NGX_OK;
++#endif
+ }
+ 
+ 
+@@ -842,6 +887,7 @@ ngx_http_headers_more_validate_host(ngx_str_t *host, ngx_pool_t *pool,
+             if (dot_pos == i - 1) {
+                 return NGX_DECLINED;
+             }
++
+             dot_pos = i;
+             break;
+ 
+diff --git a/src/ngx_http_headers_more_headers_out.c b/src/ngx_http_headers_more_headers_out.c
+index 0f9bc87..9d58ede 100644
+--- a/src/ngx_http_headers_more_headers_out.c
++++ b/src/ngx_http_headers_more_headers_out.c
+@@ -327,6 +327,46 @@ static ngx_int_t
+ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
+     ngx_http_headers_more_header_val_t *hv, ngx_str_t *value)
+ {
++#if defined(nginx_version) && nginx_version >= 1023000
++    ngx_table_elt_t  **headers, *h, *ho, **ph;
++
++    headers = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset);
++
++    if (*headers) {
++        for (h = (*headers)->next; h; h = h->next) {
++            h->hash = 0;
++            h->value.len = 0;
++        }
++
++        h = *headers;
++
++        h->value = *value;
++
++        if (value->len == 0) {
++            h->hash = 0;
++
++        } else {
++            h->hash = hv->hash;
++        }
++
++        return NGX_OK;
++    }
++
++    for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
++
++    ho = ngx_list_push(&r->headers_out.headers);
++    if (ho == NULL) {
++        return NGX_ERROR;
++    }
++
++    ho->value = *value;
++    ho->hash = hv->hash;
++    ngx_str_set(&ho->key, "Cache-Control");
++    ho->next = NULL;
++    *ph = ho;
++
++    return NGX_OK;
++#else
+     ngx_array_t      *pa;
+     ngx_table_elt_t  *ho, **ph;
+     ngx_uint_t        i;
+@@ -378,6 +418,7 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
+     *ph = ho;
+ 
+     return NGX_OK;
++#endif
+ }
+ 
+ 
+diff --git a/src/ngx_http_headers_more_util.c b/src/ngx_http_headers_more_util.c
+index caf372e..e1f3636 100644
+--- a/src/ngx_http_headers_more_util.c
++++ b/src/ngx_http_headers_more_util.c
+@@ -295,6 +295,7 @@ ngx_http_headers_more_rm_header_helper(ngx_list_t *l, ngx_list_part_t *cur,
+                         if (part->next == NULL) {
+                             return NGX_ERROR;
+                         }
++
+                         part = part->next;
+                     }
+ 
+@@ -338,6 +339,7 @@ ngx_http_headers_more_rm_header_helper(ngx_list_t *l, ngx_list_part_t *cur,
+                     if (part->next == NULL) {
+                         return NGX_ERROR;
+                     }
++
+                     part = part->next;
+                 }
+ 

diff --git a/www-servers/nginx/files/http_sticky-nginx-1.23.0.patch b/www-servers/nginx/files/http_sticky-nginx-1.23.0.patch
new file mode 100644
index 000000000000..da6126eacabb
--- /dev/null
+++ b/www-servers/nginx/files/http_sticky-nginx-1.23.0.patch
@@ -0,0 +1,25 @@
+From 105c946c0c1af93099502417784888acf60da540 Mon Sep 17 00:00:00 2001
+From: Younes El-karama <yelkarama@gmail.com>
+Date: Sat, 2 Jul 2022 04:56:12 +0000
+Subject: [PATCH] make it compatible with nginx 1.23
+
+---
+ ngx_http_sticky_module.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ngx_http_sticky_module.c b/ngx_http_sticky_module.c
+index c9a0a04..37b5bc3 100644
+--- a/ngx_http_sticky_module.c
++++ b/ngx_http_sticky_module.c
+@@ -204,7 +204,7 @@ static ngx_int_t ngx_http_init_sticky_peer(ngx_http_request_t *r, ngx_http_upstr
+ 	iphp->request = r;
+ 
+ 	/* check weather a cookie is present or not and save it */
+-	if (ngx_http_parse_multi_header_lines(&r->headers_in.cookies, &iphp->sticky_conf->cookie_name, &route) != NGX_DECLINED) {
++	if (ngx_http_parse_multi_header_lines(r, r->headers_in.cookie, &iphp->sticky_conf->cookie_name, &route) != NULL) {
+ 		/* a route cookie has been found. Let's give it a try */
+ 		ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "[sticky/init_sticky_peer] got cookie route=%V, let's try to find a matching peer", &route);
+ 
+-- 
+2.36.1
+

diff --git a/www-servers/nginx/files/http_uploadprogress-nginx-1.23.0.patch b/www-servers/nginx/files/http_uploadprogress-nginx-1.23.0.patch
new file mode 100644
index 000000000000..3635aa45b53d
--- /dev/null
+++ b/www-servers/nginx/files/http_uploadprogress-nginx-1.23.0.patch
@@ -0,0 +1,74 @@
+diff -pNura http-uploadprogress.orig/ngx_http_uploadprogress_module.c http-uploadprogress/ngx_http_uploadprogress_module.c
+--- http-uploadprogress.orig/ngx_http_uploadprogress_module.c	2020-10-03 02:05:45.000000000 +0700
++++ http-uploadprogress/ngx_http_uploadprogress_module.c	2022-06-24 16:24:16.196626939 +0700
+@@ -550,12 +550,12 @@ ngx_http_reportuploads_handler(ngx_http_
+     ngx_chain_t                      out;
+     ngx_int_t                        rc, found=0, done=0, err_status=0;
+     off_t                            rest=0, length=0;
+-    ngx_uint_t                       len, i;
++    ngx_uint_t                       len;
+     ngx_slab_pool_t                 *shpool;
+     ngx_http_uploadprogress_conf_t  *upcf;
+     ngx_http_uploadprogress_ctx_t   *ctx;
+     ngx_http_uploadprogress_node_t  *up;
+-    ngx_table_elt_t                 *expires, *cc, **ccp;
++    ngx_table_elt_t                 *expires, *cc;
+     ngx_http_uploadprogress_state_t  state;
+     ngx_http_uploadprogress_template_t  *t;
+ 
+@@ -628,6 +628,7 @@ ngx_http_reportuploads_handler(ngx_http_
+         }
+ 
+         r->headers_out.expires = expires;
++        expires->next = NULL;
+ 
+         expires->hash = 1;
+         expires->key.len = sizeof("Expires") - 1;
+@@ -637,37 +638,30 @@ ngx_http_reportuploads_handler(ngx_http_
+     len = sizeof("Mon, 28 Sep 1970 06:00:00 GMT");
+     expires->value.len = len - 1;
+ 
+-    ccp = r->headers_out.cache_control.elts;
+-    if (ccp == NULL) {
++    cc = r->headers_out.cache_control;
+ 
+-        if (ngx_array_init(&r->headers_out.cache_control, r->pool,
+-                           1, sizeof(ngx_table_elt_t *))
+-            != NGX_OK) {
+-            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+-        }
+-
+-        ccp = ngx_array_push(&r->headers_out.cache_control);
+-        if (ccp == NULL) {
+-            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+-        }
++    if (cc == NULL) {
+ 
+         cc = ngx_list_push(&r->headers_out.headers);
+         if (cc == NULL) {
++            expires->hash = 0;
+             return NGX_HTTP_INTERNAL_SERVER_ERROR;
+         }
+ 
++        r->headers_out.cache_control = cc;
++        cc->next = NULL;
++
+         cc->hash = 1;
+         cc->key.len = sizeof("Cache-Control") - 1;
+         cc->key.data = (u_char *) "Cache-Control";
+ 
+-        *ccp = cc;
+-
+     } else {
+-        for (i = 1; i < r->headers_out.cache_control.nelts; i++) {
+-            ccp[i]->hash = 0;
++        for (cc = cc->next; cc; cc = cc->next) {
++            cc->hash = 0;
+         }
+ 
+-        cc = ccp[0];
++        cc = r->headers_out.cache_control;
++        cc->next = NULL;
+     }
+ 
+     expires->value.data = (u_char *) "Thu, 01 Jan 1970 00:00:01 GMT";

diff --git a/www-servers/nginx/nginx-1.23.0.ebuild b/www-servers/nginx/nginx-1.23.0.ebuild
new file mode 100644
index 000000000000..97bbe75ac5fc
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.0.ebuild
@@ -0,0 +1,1028 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="d502e41996d24a382bd9c632e3ae3efa0a5fca66"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.5"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic pcre +pcre2
+	pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	acct-group/nginx
+	acct-user/nginx
+	virtual/libcrypt:=
+	pcre? ( dev-libs/libpcre:= )
+	pcre2? ( dev-libs/libpcre2:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		dev-libs/openssl:0=
+	)
+	http2? (
+		>=dev-libs/openssl-1.0.1c:0=
+	)
+	http-cache? (
+		dev-libs/openssl:0=
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( ${LUA_DEPS} )
+	nginx_modules_http_auth_pam? ( sys-libs/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		${LUA_REQUIRED_USE}
+		nginx_modules_http_rewrite
+		pcre
+		!pcre2
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+
+	use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_sticky; then
+		cd "${HTTP_STICKY_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre --without-pcre2 )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+		export LUAJIT_INC=$(lua_get_include_dir)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export AR CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${ED}"/usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	# Don't create /run
+	rm -rf "${ED}"/run || die
+
+	if use lua_single_target_luajit; then
+		pax-mark m "${ED}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ver_test ${_replacing_version_branch} -lt 1.10; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ver_test ${_replacing_version_branch} -lt 1.10; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX}/var/log/nginx"
+			ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX}"/var/log/nginx \
+				"${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Conrad Kostecki]

commit:     fd0e508ff6bd477682cf8c156a23248808744e6d
Author:     Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Sat Oct 22 06:34:16 2022 +0000
Commit:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Oct 23 20:23:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd0e508f

www-servers/nginx: various improvements

- update nginx modules
- change naxsi upstream as previous fails to build and is considered obsolete
- use mime types from app-misc/mime-types by default

Closes: https://bugs.gentoo.org/762964
Closes: https://bugs.gentoo.org/836454
Closes: https://bugs.gentoo.org/850571
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/27887
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>

 www-servers/nginx/Manifest               |    6 +
 www-servers/nginx/files/nginx.conf-r3    |   70 ++
 www-servers/nginx/nginx-1.23.2-r1.ebuild | 1066 ++++++++++++++++++++++++++++++
 3 files changed, 1142 insertions(+)

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 336dd48cb76f..dfe0526efc02 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -8,18 +8,24 @@ DIST ngx_http_auth_pam-1.5.2.tar.gz 7016 BLAKE2B 1efc8d2d12aa09a2b2a36f6f6d0132a
 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
 DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
 DIST ngx_http_echo-0.62.tar.gz 53329 BLAKE2B 7d92184f7fb878cb5261be1c68de4432d472469028e20c2150925ab3d9a1c472ef557a11b84ee60d7ae6b48d08b35890c50161540668918492f2092dd0272962 SHA512 240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b
+DIST ngx_http_echo-0.63.tar.gz 53421 BLAKE2B 613d4f265b9bcf9b4a44a18749314075e797dca4b350e6c4bc2e7ddd52edadc52660504ee57d0c859ec0a20f6b2e425727e5ec4b30282e67498010fc8d959baa SHA512 c325ac4e3f3f735739e156d8c7ada503b34475c62533b4830231ff1b42c25cb0c841aae06b3448b589c2ab35da8d211436ed194d6fd062cad925af8152c5e789
 DIST ngx_http_fancyindex-0.4.4.tar.gz 26292 BLAKE2B a1ed76cb31cd4f7a349bcbe63d75f8e00331d0ba4ee9b7b1df41dac77fe64ebe6c72a6fd5f6ebc9de53e8d3a8a2ad5185fbaa533d8ff008fcf92f6956f267d80 SHA512 bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173
 DIST ngx_http_geoip2_module-3.4.tar.gz 8877 BLAKE2B cd59ebbd2ca47f6af0b22b8b91768053d2c991f7adf19941625e3570d81dcb73989101795d641e4efce1eed37d454bca73d603b5d0e4511e3bd63100c7acf750 SHA512 18dea21e5ae2647bea1fc448058a1b773c936917245edef8d861d5e23ed92e9a3b1ec4ef43ffb2ece7b5899d787910adcf4fbd39f84d7e8d7c54759e2fee5b72
+DIST ngx_http_headers_more-0.34.tar.gz 28827 BLAKE2B 48badf603b93601b11c837057760f768ef2579062786bb366795617635747b654cecafa3a230eec1a3e442ab768fb068867ceb93385b14b6452b621764acfd3f SHA512 2c0c140feeb29f0154a223dc3020ff956f894d63e0232a7bc0ca33fcb26f8b807bda868159ae30b6cac7456ec25b831c3d299ea18e234202ae5d14c1ff471a4b
 DIST ngx_http_headers_more-d502e41996d24a382bd9c632e3ae3efa0a5fca66.tar.gz 28810 BLAKE2B cb71e6b8a9da6c72bc542e837391e932c5803d52cbf01eab0b70f501b620d7de03009a25d10e9ba9de46a6c9ffca109b50dea47cded687412eb55210ba6e68c8 SHA512 80193f95f9754b1d6fb784cde6b4c4d6f72b5cff406c26329a93ad87a5833cd87ef7a8113d719bbe6913fd8e1fb29f438fa81e6dada8c0fc39bf0f2e47fe08ae
 DIST ngx_http_lua-b6d167cf1a93c0c885c28db5a439f2404874cb26.tar.gz 718179 BLAKE2B ac4893892dd2836e46055d57feb492e3122ab2c3c91e56917e52cb8ccc683469ab77d26990b9ee4a4bb3bf639267cce7ded7b07463912cc5579a7a09730da8b2 SHA512 f547c4f0490a25600b4533050db3b5d2ea595ad72e0737fc0be8060eddf7b5712e3dcca59e4d29999415c9455798e232a7de53a9380cbd38f264b4ea371e86c1
 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
+DIST ngx_http_naxsi-4140b2ded624eb36f04c783c460379b9403012d0.tar.gz 166325 BLAKE2B f80353bfc1f3fc009b847de1c1c5d623a84682efc588649cbd156f669336c95f337442ebf350c79321bf59477215f083817929f13550b22dc7f393583aa16ba1 SHA512 6d6565189d9fabdcf318270107455bb4915d2a43284fb2f77b5cf025a4b4843e990c1c1dbc254e0f3879ca7d30ac7bcd7eb8637f491d5b7f05193aa9865be7cc
+DIST ngx_http_naxsi_libinjection-49904c42a6e68dc8f16c022c693e897e4010a06c.tar.gz 2123473 BLAKE2B 69208f09ca9f10f59f53a3e949894ebc6e51b0ed5708e551759fd8fbc002c83f5a0462fd22eaf52cae290992633729f47403b33c41539437e40700fb7763ac2a SHA512 ed643aaed8d70dae028ec3df48be3aa2c03955073039cd14fb6187bf162cfee9131ab3e5900ddc349526b171f4da0e01e13b39a669cb85838c1f254476a3c1b8
 DIST ngx_http_push_stream-8c02220d484d7848bc8e3a6d9b1c616987e86f66.tar.gz 196994 BLAKE2B 90baeb4fb03aeb309bcf1a987420067ca81843ff9b85b8fc26ba703741571e631826e5928a439a3ae79f2f5e369a3acb2cd803789308642ae757d67722ac7f33 SHA512 ad5424d65909d1cf0c2b64d7a4bc3123f4d3e240f1c9d611f6b6fc41167d169f474c723b1c327d42bd295f973a6365ad32e3f095b8c7c7cddc7e54aea138ca31
 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
 DIST ngx_http_upload_progress-68b3ab3b64a0cee7f785d161401c8be357bbed12.tar.gz 17379 BLAKE2B 4790657b3f207eca460a26f5c4d1139dcd495e29fffedab8d716105e6dc3039cbeeecf5f6005d364470951e25b472860b46e3e08bc9573a5a7b4a23f53532f8a SHA512 6603e15aa33edca5e647fd04b4f008f1729c78c527be262ef481890f37a6d57e89609cebfb7459fad18b249024fbe3722e09473987401e8d8dfdd7cf50e4df4f
 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
+DIST ngx_http_vhost_traffic_status-0.2.1.tar.gz 179679 BLAKE2B 3f0f950745695997232f4ae07487e58d798a3a4f2cd0ba8d922865a39e010e1282932469fbeee615a115358f1e9e36f67876fa507fbefb7c146d701ea68a864d SHA512 fadd4727ffc56111b443364d90e5b0597f09b25006404b11377586f0ed754f5a85e0b84796360be927bd455f43eb28e18004991f086b611146cd340937a6e5e9
 DIST ngx_http_vhost_traffic_status-46d85558e344dfe2b078ce757fd36c69a1ec2dd3.tar.gz 380721 BLAKE2B 8a63d9663aa896869345b97e4bb2a9ac93585d6d7ee16891c98f6445b90002ab90989d195399bf90c5a8ad32c4c908794b7cc33fa45183f9069c51906abb1606 SHA512 46451b3c9b7a3c57145fc8e1de9d8ee984286acff2fc3f4e6c4a39589eb42dd686844410312701d167eb369ab5943184b4fde1ef319359e272dad6fcdb8cad25
 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
+DIST ngx_rtmp-1.2.2.tar.gz 519934 BLAKE2B 8745816b879f506720955d6c7e5e8af036e88b3601a680071ffb255a3ec31d69e132b5cc8b493202fa985eb30b8529428f683b5154a0054c0ee990d3185c7abf SHA512 3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81
 DIST njs-0.7.7.tar.gz 609779 BLAKE2B 878c1a106237d42f03074051d12a2de409a1ce3088ec3fd8a43032183608b68e0a11f438668aaca3135ac2280875f248467d6fa801539fcfc6d1436db1579199 SHA512 3fd9e9b84e416e95dbdffced78eabd76a519cccec7c386d8acaccd0d891dea5ceeb702408d4450107c7e3909586753e4eeb5e38c06657cd8f273180beb8fae74

diff --git a/www-servers/nginx/files/nginx.conf-r3 b/www-servers/nginx/files/nginx.conf-r3
new file mode 100644
index 000000000000..aedaad4f64ef
--- /dev/null
+++ b/www-servers/nginx/files/nginx.conf-r3
@@ -0,0 +1,70 @@
+user nginx nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error_log info;
+
+events {
+	worker_connections 1024;
+	use epoll;
+}
+
+http {
+	include /etc/nginx/mime.types.nginx;
+	types_hash_max_size 4096;
+	default_type application/octet-stream;
+
+	log_format main
+		'$remote_addr - $remote_user [$time_local] '
+		'"$request" $status $bytes_sent '
+		'"$http_referer" "$http_user_agent" '
+		'"$gzip_ratio"';
+
+	client_header_timeout 10m;
+	client_body_timeout 10m;
+	send_timeout 10m;
+
+	connection_pool_size 256;
+	client_header_buffer_size 1k;
+	large_client_header_buffers 4 2k;
+	request_pool_size 4k;
+
+	gzip off;
+
+	output_buffers 1 32k;
+	postpone_output 1460;
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+
+	keepalive_timeout 75 20;
+
+	ignore_invalid_headers on;
+
+	index index.html;
+
+	server {
+		listen 127.0.0.1;
+		server_name localhost;
+
+		access_log /var/log/nginx/localhost.access_log main;
+		error_log /var/log/nginx/localhost.error_log info;
+
+		root /var/www/localhost/htdocs;
+	}
+
+	# SSL example
+	#server {
+	#	listen 127.0.0.1:443;
+	#	server_name localhost;
+
+	#	ssl on;
+	#	ssl_certificate /etc/ssl/nginx/nginx.pem;
+	#	ssl_certificate_key /etc/ssl/nginx/nginx.key;
+
+	#	access_log /var/log/nginx/localhost.ssl_access_log main;
+	#	error_log /var/log/nginx/localhost.ssl_error_log info;
+
+	#	root /var/www/localhost/htdocs;
+	#}
+}

diff --git a/www-servers/nginx/nginx-1.23.2-r1.ebuild b/www-servers/nginx/nginx-1.23.2-r1.ebuild
new file mode 100644
index 000000000000..5fb4b79bbe86
--- /dev/null
+++ b/www-servers/nginx/nginx-1.23.2-r1.ebuild
@@ -0,0 +1,1066 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="68b3ab3b64a0cee7f785d161401c8be357bbed12"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/openresty/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.34"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/openresty/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="b6d167cf1a93c0c885c28db5a439f2404874cb26"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.2.1"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/wargio/naxsi, GPL-3)
+HTTP_NAXSI_MODULE_PV="4140b2ded624eb36f04c783c460379b9403012d0"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/wargio/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+HTTP_NAXSI_LIBINJECTION_MODULE_PV="49904c42a6e68dc8f16c022c693e897e4010a06c"
+HTTP_NAXSI_LIBINJECTION_MODULE_P="ngx_http_naxsi_libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}"
+HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_PV}.tar.gz"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.2"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.63"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# modsecurity for nginx (https://github.com/SpiderLabs/ModSecurity-nginx, https://github.com/SpiderLabs/ModSecurity, Apache-2.0)
+HTTP_SECURITY_MODULE_PV="1.0.3"
+HTTP_SECURITY_MODULE_P="modsecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/ModSecurity-nginx-${HTTP_SECURITY_MODULE_PV}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="8c02220d484d7848bc8e3a6d9b1c616987e86f66"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.4"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.7.7"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module systemd pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? (
+		${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz
+		${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz
+	)
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	acct-group/nginx
+	acct-user/nginx
+	virtual/libcrypt:=
+	pcre? ( dev-libs/libpcre:= )
+	pcre2? ( dev-libs/libpcre2:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		dev-libs/openssl:0=
+	)
+	http2? (
+		>=dev-libs/openssl-1.0.1c:0=
+	)
+	http-cache? (
+		dev-libs/openssl:0=
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? ( dev-libs/openssl:0= )
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( ${LUA_DEPS} )
+	nginx_modules_http_auth_pam? ( sys-libs/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? ( dev-libs/modsecurity )
+	nginx_modules_http_auth_ldap? ( net-nds/openldap:=[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	app-misc/mime-types[nginx]
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		${LUA_REQUIRED_USE}
+		nginx_modules_http_rewrite
+		pcre
+		!pcre2
+	)
+	nginx_modules_http_naxsi? ( nginx_modules_http_rewrite pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+
+	use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_sticky; then
+		cd "${HTTP_STICKY_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_sticky-nginx-1.23.0.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		cd "${HTTP_NAXSI_MODULE_WD}" || die
+		rm -r libinjection || die
+		mv ../../libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_PV} libinjection || die
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		cd "${NJS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_javascript_cve_2022-38890.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-nginx-1.23.0.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre --without-pcre2 )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+		export LUAJIT_INC=$(lua_get_include_dir)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export AR CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${ESYSROOT}/usr/include" \
+		--with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	cp "${FILESDIR}"/nginx.conf-r3 "${ED}"/etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${ED}"/usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	# Don't create /run
+	rm -rf "${ED}"/run || die
+
+	if use lua_single_target_luajit; then
+		pax-mark m "${ED}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx/naxsi
+		doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/*
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules
+		doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking
+		doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{AUTHORS,CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ver_test ${_replacing_version_branch} -lt 1.10; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ver_test ${_replacing_version_branch} -lt 1.10; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX}/var/log/nginx"
+			ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX}"/var/log/nginx \
+				"${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/files/, www-servers/nginx/

[Sam James]

commit:     e98d8ef5572fae7d42e80acbb2464e70eb0ab5e7
Author:     Z. Liu <zhixu.liu <AT> gmail <DOT> com>
AuthorDate: Fri Aug 30 09:19:56 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep  2 02:54:28 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e98d8ef5

www-servers/nginx: add patch for http_security from upstream

see https://github.com/owasp-modsecurity/ModSecurity-nginx/commit/7d37ace7431ea9704faa98f29876bcd72ef4b1ff

Closes: https://bugs.gentoo.org/933598
Signed-off-by: Z. Liu <zhixu.liu <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/38343
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../nginx/files/http_security-nginx-1.26.2.patch   | 26 ++++++++++++++++++++++
 ...inx-1.26.2-r1.ebuild => nginx-1.26.2-r2.ebuild} |  6 +++++
 ...inx-1.27.1-r1.ebuild => nginx-1.27.1-r2.ebuild} |  6 +++++
 3 files changed, 38 insertions(+)

diff --git a/www-servers/nginx/files/http_security-nginx-1.26.2.patch b/www-servers/nginx/files/http_security-nginx-1.26.2.patch
new file mode 100644
index 000000000000..26e3ea6046f0
--- /dev/null
+++ b/www-servers/nginx/files/http_security-nginx-1.26.2.patch
@@ -0,0 +1,26 @@
+From 7d37ace7431ea9704faa98f29876bcd72ef4b1ff Mon Sep 17 00:00:00 2001
+From: Ervin Hegedus <airween@gmail.com>
+Date: Tue, 23 Apr 2024 21:42:02 +0200
+Subject: [PATCH] fix: Added missing header for conftest
+
+---
+ config | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/config b/config
+index c6e7467..3bf06a8 100644
+--- a/config
++++ b/config
+@@ -10,7 +10,8 @@
+ 
+ ngx_feature_name=
+ ngx_feature_run=no
+-ngx_feature_incs="#include <modsecurity/modsecurity.h>"
++ngx_feature_incs="#include <modsecurity/modsecurity.h>
++#include <stdio.h>"
+ ngx_feature_libs="-lmodsecurity"
+ ngx_feature_test='printf("hello");'
+ ngx_modsecurity_opt_I=
+-- 
+2.26.2
+

diff --git a/www-servers/nginx/nginx-1.26.2-r1.ebuild b/www-servers/nginx/nginx-1.26.2-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.26.2-r1.ebuild
rename to www-servers/nginx/nginx-1.26.2-r2.ebuild
index 1971e684ca8a..fe6db3b44206 100644
--- a/www-servers/nginx/nginx-1.26.2-r1.ebuild
+++ b/www-servers/nginx/nginx-1.26.2-r2.ebuild
@@ -459,6 +459,12 @@ src_prepare() {
 		cd "${S}" || die
 	fi
 
+	if use nginx_modules_http_security ; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		eapply "${FILESDIR}/http_security-nginx-1.26.2.patch"
+		cd "${S}" || die
+	fi
+
 	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
 	# We have config protection, don't rename etc files
 	sed -i 's:.default::' auto/install || die

diff --git a/www-servers/nginx/nginx-1.27.1-r1.ebuild b/www-servers/nginx/nginx-1.27.1-r2.ebuild
similarity index 99%
rename from www-servers/nginx/nginx-1.27.1-r1.ebuild
rename to www-servers/nginx/nginx-1.27.1-r2.ebuild
index 34de22d938e8..bfc1a4a791b6 100644
--- a/www-servers/nginx/nginx-1.27.1-r1.ebuild
+++ b/www-servers/nginx/nginx-1.27.1-r2.ebuild
@@ -459,6 +459,12 @@ src_prepare() {
 		cd "${S}" || die
 	fi
 
+	if use nginx_modules_http_security ; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+		eapply "${FILESDIR}/http_security-nginx-1.26.2.patch"
+		cd "${S}" || die
+	fi
+
 	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
 	# We have config protection, don't rename etc files
 	sed -i 's:.default::' auto/install || die