gentoo resync : 08.07.2021

author: V3n3RiX <venerix@redcorelinux.org> 2021-07-08 15:03:58 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2021-07-08 15:03:58 +0100
commit: 814f4cf860e299a046b649eaee5463427984c09c (patch)
tree: 74c45f097899310e599dad6b8df5b63e0f085bc0 /www-servers
parent: 7f0ccc917c7abe6223784c703d86cd14755691fb (diff)
10 files changed, 1530 insertions, 24 deletions
diff --git a/www-servers/Manifest.gz b/www-servers/Manifest.gz
index 8d1e3430d252..b7c405624c72 100644
--- a/www-servers/Manifest.gz
+++ b/www-servers/Manifest.gz
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 1376aa96a3fe..6239281cf8ee 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -12,6 +12,7 @@ AUX nginx.service-r1 356 BLAKE2B 05d89efcc73b70a26655f306f1e074e61c81063cb4e9491
 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
 DIST nginx-1.20.1.tar.gz 1061461 BLAKE2B ed359db6486fd2152e0246663b8d8f4fc6980594945212545d301ce6ce16088c760d11b26fa1f6e9c392b9464103c570ddccc4343f5ab3f84ede011bb7a6458d SHA512 3d9fd4bf2740eaf20fcc3c77260a3556aaf9dff2879afc2dbb5fff364dea27313ffbc51d335e9fc9c0186a2a44dac055ef60fde0d411b8cf842fdf661478c961
 DIST nginx-1.21.0.tar.gz 1063682 BLAKE2B 3c29a8832e879677ff6df198aa420bbe546322a9d8b000827fdfbeb7e3519374cafd5a75910880f5ae07e78f0096952498c8515be788cf62916e3470d93c66d1 SHA512 1f0c790e5ba104278ef5fc357e60ba2fddd2d8abda1363e26b418324b050f0e9f4901ce23949adede699e9f1340e8480ad8a6c811b7420a74c8f5c101be8a7ad
+DIST nginx-1.21.1.tar.gz 1064925 BLAKE2B ff5dfb4a07d0dd3c8dd10e2545659cc25e15db71109c39ddb315f2949b0ec033ffa6df226f9f882e605bbac0b19a57f85eade41060c3317c9f07231ef496dcea SHA512 4fee94e9981abf4506cc3a24053828e81c763e98a3704b1cc54944cf09b49269a04495aca154b2dc6e065551d60f3f9f219659e93056b67952ecf8d07f9fcd98
 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
 DIST ngx_brotli-1.0.0rc.tar.gz 16207 BLAKE2B 450d0ea693bd98d4a1b615f2cdcaad41ccd28266f6d80beec7fe77fe750ab8c5d1bb55aabe15161b9b6d819d2b4d99a7774f2706f2f6fd084b52a7c7dddbc00c SHA512 05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d
@@ -35,6 +36,8 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
 DIST njs-0.6.0.tar.gz 528419 BLAKE2B 7b3c9dd4be8182298cc283e8b19eb4efeef66416d26332ae73dde66b5b67ad980c3e07f12fe0006dfb9710f3df449ac2598bfd1803f6c86d721f48697d975087 SHA512 fa569623fd594e859c535c75041be443ef6329a4ee33d9e0f29eeb56e69ae2f3c44264ccba736b4a97ab0b33700f381acb65a884889d6f644f3fbce7c1bc586e
+DIST njs-0.6.1.tar.gz 529124 BLAKE2B a24b6542dcef6599d18b86d38dbaeb554beeddb5c100f5bfb97c87c81bd66842afc6f77f23ef2c542ba32da96d5c2f999d3c869fa8d76d919a4f964020d19e30 SHA512 996cdc11d65af5e3d5b3a8f28087868c40409a062e6e1ed3eac8e516cb60b13f88a945c86bea5dde1bc089fe5f96f3ba351d87dbfd513f7140ea4ce98119959f
 EBUILD nginx-1.20.1-r2.ebuild 40245 BLAKE2B 7bb6e7f24268391af5402b22d94ce867af44061c85055254cdae0cec46a5121239fd31950b1dd1786be2a857ea3cfa9eadab26e26fcd0879f77425d03334a9dd SHA512 30178fe5ef5c97caf0d69e78702f8c218a595803f90ee5b535ce9297c8a85da2809f6f2479561563123d30c4dbe3f27434dc4d930c6c847dd10167066d86b521
 EBUILD nginx-1.21.0-r2.ebuild 40247 BLAKE2B 030d4299eb71c2c15c128d6999de8e37a82b231c2944cacd2d43b86c7b192f2abe43bd87aec89d28b343e9f915947850efc2a05eae9d77083c84de9915c8107f SHA512 39e598591c3ecf5d0b28558375a04c53188b6dfaf44b301ea55a5fe5354bc0e2bf800f0d3167414713369c57627beaa9d7a92242e59eacb30ca3c3d36b586377
+EBUILD nginx-1.21.1.ebuild 40247 BLAKE2B e0913a7d4ce26d71fbdb6f318e7e9c0787a66e7f310d8561e55359f60554cb2d384d11ae85f3c47ca5359db4c82d31242b95c4e5c95b3f8c0c5430ac28815b46 SHA512 238608eeebf243d5baff375a388bdfca4f6b09fa3bc49ca45aa2d5a493e84753bd009156e5a749c77c22562784b869b3358b373231e607618501ef9afd4ca2d5
 MISC metadata.xml 1045 BLAKE2B e439ddfd1104b92548cc094a890152297ff81e1c4c3d04e58df8c2f1ebef01daadf317d3d22047c22c1c907fdfb3ed844d279a4692b837d8afb1149da4205538 SHA512 33b75c84396551de2559a56efb9922284991e5ebaa9a18c9d7088b49290f4225a08302c917090dafd6805bb717aa8bd24cdab8fa6d2a0b12050d43f7cb936847
diff --git a/www-servers/nginx/nginx-1.21.1.ebuild b/www-servers/nginx/nginx-1.21.1.ebuild
new file mode 100644
index 000000000000..8eee002db06b
--- /dev/null
+++ b/www-servers/nginx/nginx-1.21.1.ebuild
@@ -0,0 +1,1087 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.1"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# ngx_brotli (https://github.com/google/ngx_brotli, BSD-2)
+HTTP_BROTLI_MODULE_PV="1.0.0rc"
+HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+HTTP_BROTLI_MODULE_URI="https://github.com/google/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
+HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.33"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.4"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.15"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+LUA_COMPAT=( luajit )
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.2"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
+HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.56"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.1"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="3.0.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.62"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.3"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.19"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
+GEOIP2_MODULE_PV="3.3"
+GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
+GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
+
+# njs-module (https://github.com/nginx/njs, as-is)
+NJS_MODULE_PV="0.6.1"
+NJS_MODULE_P="njs-${NJS_MODULE_PV}"
+NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
+NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools lua-single ssl-cert toolchain-funcs perl-module flag-o-matic user systemd multilib pax-utils
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
+	nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
+	nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
+	proxy referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_auth_ldap
+	http_auth_pam
+	http_brotli
+	http_cache_purge
+	http_dav_ext
+	http_echo
+	http_fancyindex
+	http_geoip2
+	http_headers_more
+	http_javascript
+	http_lua
+	http_memc
+	http_metrics
+	http_mogilefs
+	http_naxsi
+	http_push_stream
+	http_security
+	http_slowfs_cache
+	http_sticky
+	http_upload_progress
+	http_upstream_check
+	http_vhost_traffic_status
+	stream_geoip2
+	stream_javascript
+"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	virtual/libcrypt:=
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		dev-libs/openssl:0=
+	)
+	http2? (
+		>=dev-libs/openssl-1.0.1c:0=
+	)
+	http-cache? (
+		userland_GNU? (
+			dev-libs/openssl:0=
+		)
+	)
+	nginx_modules_http_brotli? ( app-arch/brotli:= )
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			dev-libs/openssl:0=
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( ${LUA_DEPS} )
+	nginx_modules_http_auth_pam? ( sys-libs/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
+	nginx_modules_stream_geoip? ( dev-libs/geoip )
+	nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
+	nginx_modules_http_grpc? ( http2 )
+	nginx_modules_http_lua? (
+		${LUA_REQUIRED_USE}
+		nginx_modules_http_rewrite
+	)
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+
+	use nginx_modules_http_lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_brotli; then
+		cd "${HTTP_BROTLI_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_brotli-detect-brotli-r3.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use nginx_modules_http_lua; then
+			sed -i \
+				-e "s|^\(LUA_PKGNAMES\)=.*|\1=\"${ELUA}\"|" \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		export LUAJIT_LIB=$(dirname $(lua_get_shared_lib))
+		export LUAJIT_INC=$(lua_get_include_dir)
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_vhost_traffic_status; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
+		myconf+=( --add-module=${GEOIP2_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
+		myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
+	fi
+
+	if use nginx_modules_http_brotli; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
+		stream_enabled=1
+	fi
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export AR CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	if [[ -n "${EXTRA_ECONF}" ]]; then
+		myconf+=( ${EXTRA_ECONF} )
+		ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${ESYSROOT}/usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${ESYSROOT}/usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"/etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${ED}"/usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	# Don't create /run
+	rm -rf "${ED}"/run || die
+
+	if use lua_single_target_luajit; then
+		pax-mark m "${ED}/usr/sbin/nginx"
+	fi
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"/etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if ver_test ${_replacing_version} -ge 1.4.1-r2; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ver_test ${_replacing_version_branch} -lt 1.10; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ver_test ${_replacing_version_branch} -lt 1.10; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || ver_test ${_replacing_version} -ge ${_fixed_in_pvr}; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX}/var/log/nginx"
+			ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX}"/var/log/nginx \
+				"${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}
diff --git a/www-servers/tomcat/Manifest b/www-servers/tomcat/Manifest
index 87070051af6f..60fed027d488 100644
--- a/www-servers/tomcat/Manifest
+++ b/www-servers/tomcat/Manifest
@@ -4,24 +4,29 @@ AUX tomcat-8.5.66-build.xml.patch 10850 BLAKE2B 69353bcf5697e6ae0b930c71fbb87040
 AUX tomcat-9.0.37-fix-build-rewrite.patch 513 BLAKE2B e806ca32771bcad0fbc2f1b3f223af2b17d2caffe6ed034783294650d4ec22c8d9d9d215ade85569f6627508c61b7d469412d582093708b6bb728d6123d65155 SHA512 7aab16d1b52fa88352df849ca051dcaf27f645b1b3edd3df3a7d87385b5068d300105f89c18ba3a0f65818739b85ec847ddd5b28b8b655efbb7b39036099cae2
 AUX tomcat-9.0.43-insufficient-ecj.patch 2304 BLAKE2B b25d68db5020f7ec118c1fc03e12049da99f84fbebc2fa636c896d5647cf8cdc6e136a27f611f0de975e9c2243b516144be7853a8aab05496fc32112d31478b3 SHA512 60fee887ba9e83f92dd87d75a7c0fad05b5a7458ddb94c9e718aecffd9b968beaf7ce8c2b7e9bb31b9286d5cd77f89afd3775c0ccbc1fff58bfa2b70066d06b6
 AUX tomcat-9.0.46-build.xml.patch 11402 BLAKE2B f9f7bbef835318220f0486c4eafe6e2db12d8ae3a252be921638c15ba3685f92a0ee8bc816bfde2f4bbab546117eb0fa654cb4c6cfac4ffd76dab88faecea656 SHA512 8301d7225b7c02fe79678ce0b2d6d9176de81ffa9e973f5c8c9ea0ec48c17a023ec27151793f1ed39248f15f0e6ecad92093acaf587ccf5f48031e8d302e7fe7
+AUX tomcat-9.0.50-insufficient-ecj.patch 2890 BLAKE2B 586fed374f9da437d441d59272faaadf898b684375edd999f7ea50c81a5fe1ffe98e89037ee64997e583fa835f32598a7b16f0595be75fbf947264d84eea4379 SHA512 3d31beab19f79b8bd477d06e2b0ff7575e8c5cfb6c056da6fb1c19e2a1efebe9151c9b698baa1e4168006a9c28974eb49924bf52c89795ba227111d678e38439
 AUX tomcat-instance-manager-r1.bash 6451 BLAKE2B 3bcd9dd4d3360a91f4a548c050eab6f7174453cfbe7b4a1a7167e122efa3ec2ea6c17c88de1f9223e21e773cf717ed04d79fe0b1e7fc816400033094a07a35c6 SHA512 3c8f994519d1ca5ff24229798786ad3d75dd20dbf8b3b81f6c0ccd121b978d2cb12633270f463a39ed5c4097e5869b1a4bfbf867994a64c5e41916e378038570
 AUX tomcat-instance-manager-r2.bash 6999 BLAKE2B f1c771678bd8b894ecf242d5a8fb22f5b2f0f33445a1ff158c242b5154edc4483a5707ce33a5dcee53a3106e631ad8218243d8b72a32a10cd99e9646fa54085d SHA512 c30c156cbf2b53cf8498288bacaedd48872dce52f461ff32071310b438bdb5015c1cd1d512a2905c4db01e2b22342590e1b8aeadbd44f29062606fabbb2f2fed
 AUX tomcat-r1.init 3200 BLAKE2B eb913d32bb8c1883e58551a25ff9516337d947c6fd2c7b449601a89a4518286d61dbca76417265289782a7a08540d8e78a3ea1cd1427d43d87e24813261c0fee SHA512 3d32e2ad998adfbaea5fe0ffcbbe6659dcb530a110faed5f2712ae2fd767353b1fc3f1ac83a24d43138c1bfc55949e645833a428ab982be14415887fc46d9fab
 AUX tomcat.conf 1811 BLAKE2B a92606e113172c6f0f73e18ab8ad8796f38bd8c741bb2fd1f6c43d7682728729d0198d4150e42282c7e732750231b7cdbfb51de9b24f2ba780a22700965113c5 SHA512 0747dd2fdad6c68123425adce39f625d34924ae3e7c9d5a00361565a593047d7a4d01dee64c1ef831e5ad79b51750babaf642b0588d4b5948bbed441d53d654d
 DIST apache-tomcat-10.0.6-src.tar.gz 5987333 BLAKE2B b955d3708555c5530ebccaf9c6e8c344a679666bdd45361980d722d2cb48b618a03dc2514f973c182c2c1eaf96852e5a5eadad89575ee1bf524213211191a6a4 SHA512 229e8767b8f53f6b5c0e28f13a1daffd6fb8307a5239ae28ee1522087d881e4c9e3f1a0d39bfc852d5e54166dbb8a0a1577210a325845815c7281c4babc0b100
 DIST apache-tomcat-10.0.7-src.tar.gz 6001147 BLAKE2B f1aee4748d404d02188369603824dcc97765e907cfc3872f54b1859ae950a9475d72862caa2179ac39e4cbdb8c23424f89c4cbbfff8a2e079a842b0054257009 SHA512 395b0280666c6779f6378cb87e9abdb637a823e7f89452b7324329f4c0a1fe0b315275dca5df2f80a38c6f1ef98541bd1ea762df7af9cb15e4466c3b89e4e7a8
+DIST apache-tomcat-10.0.8-src.tar.gz 6010420 BLAKE2B 86390f04147d3082fbc9f15704121cbd6aa8ba756b4bc03e64a49aae3dca96c6b503949da0096f8ddf143bdeb1320b7601008683ce94bdad9ef235e1f73ad948 SHA512 c264be4cb29d87c95918d2723ab20bc7e2cb5149cb366cca348c6cd311b0f38ac500ed6b4756b20245a446ead50e7208f77093d6081563ed76d6691abfcbe14c
 DIST apache-tomcat-7.0.109-src.tar.gz 5314401 BLAKE2B 56583caea6879bf8ca5cc02a886de3d7af413032f88d367653e709dc1c8f590e78620c788317bbff4b6e65dd3e242cc26863164ac8e7c87334a22636f3ed0703 SHA512 ecf9c0bee0e3e1aa24f299fe633705c5a2f6aa264d9e4968cfc96aa5d0a425c2b0ff07765a8b6c67221766733bdfaed6e6c6377a8d0870d889e7063ce90a46ce
 DIST apache-tomcat-8.5.66-src.tar.gz 5879748 BLAKE2B bfef20872bd19ffa2bb34b98a1da875fdd5f232e681458f0aef093b7eecd63a95c1cd26130f54251f149249e639d0da2577770e43314d2a86b8ee9b48b675f0d SHA512 322fda683197898f873feb375791092d33c90aac08a54889fabab0f59ecbc7b27784f027b37008c6893fdbf8ca7973b73268f42673d7e8df762419b5a536593b
 DIST apache-tomcat-8.5.68-src.tar.gz 5907026 BLAKE2B 2312edb94f98ee98b594325fbc32521776e9cadc4422a3a46f3651f1fee072a99c5f6874378ac06215396504d34ad750edd6ec3399a3931554068195a8ee15ef SHA512 579a35f944ead756995d288b66ea8a4ab30289a90c32aa01119abcea85a8524f6594ce5cb7ac9df6d352c1e3b54a18c814b5d3a6409dce6a43614e3a89284066
 DIST apache-tomcat-9.0.46-src.tar.gz 6068533 BLAKE2B 400814281aedd588c008a1363199f8602e856870d4c39d536b13f8a357c2390d2db689940f4a6971ec74a84e8e400174e72610e0d64a220de41f2dff419dda3c SHA512 dc380e23aa87273c6ba32e79659e768c551b07812635c2f1c62d2c34b493b1d3d51b4548fec5014fdb36f8461fc90942aa7917874ddf3d6f5c5345d8ca02dfc1
 DIST apache-tomcat-9.0.48-src.tar.gz 6080015 BLAKE2B 9b2cac8143ca8186857d7d53e8737f2f7d2ec8e0ca03d32447ad25b429cbf37c1c7b39bc6e4b93679c08bd5f4940280d00946a70e9fa82f8c2a596ea18a2a4c6 SHA512 9b762f6d1a1f6c75e10f1bc05c39a647ae2165f3b81c09ff73cc286f3c487b034b9d14c73b808c73b35f55f642848831a0329d9d611c8bbb3928559e552a3ff3
+DIST apache-tomcat-9.0.50-src.tar.gz 6086608 BLAKE2B 59b5eb1616d377193f330fd8c5abb6e98926ab0a2f75b1ea14251d249837aad733f55a0b79f2a67de57f612dd1afdeae53836be97e81701d8dc27ecb0a381d4a SHA512 1032d2d5c342fb495b76426fdc301e0e5546815e709e604061d7aa2cdab19bcd376adc957fd25dee1d574306186eafd2e9d24140dd5e725b130128592cac47a2
 DIST biz.aQute.bnd-5.1.1.jar 16088761 BLAKE2B 59906cc39ea27ef20cbf82de1ba78096f34dc417da6dc5c28e21f6e92c0625efecf14cec6c5faf0ab17551c31a6c87a24614c2ac75ac902cfea30199ecc0d39f SHA512 8092b083e7b86e75bf27233964763b88bee74d8ae141c85e387c1cc8bd0cbf3a54be27afea29931fb3ae950700a515fd4a28cfe8e7f26cbaaec506aa06357a37
 DIST biz.aQute.bndlib-5.1.1.jar 3652944 BLAKE2B dad9f9835fb407a36e0eae4b65fa2fda147e06ab3f3211a2ed2f1631aeccd6d14d198c325793cb1ce9a57b719a836db230d0452715744ba5a4a6c2983c17916b SHA512 d7da056ba541ae0862159bf5e38e1a5351b2ab5388c88733b46601c2d7dab8970f16af00df186a6cb67fbe81ef53f2c8402db9d28a8c6819dadf60a1df40879b
 EBUILD tomcat-10.0.6.ebuild 5920 BLAKE2B e688681999674380319dcb3651162c089aec032501ee1b96d2f12e9c3d7cb5b30a197683323ca18181d68ee7a70cb5ab979669dcb12d55d9dadf75b3eec0d136 SHA512 21dfc89a64db1f34b9e4314ef8b7b1144b205548d81c93b9a89e65703619d8bc54d7359f70c78b6aa39a5f1368b63b49b32a8169259c35926536cb1bedcabc6b
 EBUILD tomcat-10.0.7.ebuild 5920 BLAKE2B e688681999674380319dcb3651162c089aec032501ee1b96d2f12e9c3d7cb5b30a197683323ca18181d68ee7a70cb5ab979669dcb12d55d9dadf75b3eec0d136 SHA512 21dfc89a64db1f34b9e4314ef8b7b1144b205548d81c93b9a89e65703619d8bc54d7359f70c78b6aa39a5f1368b63b49b32a8169259c35926536cb1bedcabc6b
+EBUILD tomcat-10.0.8.ebuild 5920 BLAKE2B 6bc1cb899bfac912196be33f6e4f03dda576987af8786ae5233981b930a39d1b1f7600410d7a0c9cb80e8a0e345e12218de8129121c58480c882ba4f350b12c6 SHA512 7a68ce76cb33398a8a4d3a1eb93139be2f14e5e22c75421dc03136aeed06a8bcc3d5d5bd94bea93d8f8c6c2d0625fb0c2d1aac73838ff3d6eaeaddf900b6fd6b
 EBUILD tomcat-7.0.109.ebuild 4147 BLAKE2B 8023fb9265a3e57bbdb506559bfe9a337f566e09b6cccd0e74e84341e54d1434134eb0aecaf72a97113826d8f7359dea1e5672db44e9dfb706b020cf79c51802 SHA512 0730da2fe90a5fa203e03eef5044eb8b90c5b800d064d65467370834b788c3de03ea5c57ccfe20b29deac9c560c68029e94a80be180b240356565121d453a2a4
 EBUILD tomcat-8.5.66.ebuild 4736 BLAKE2B 99ac3fe1e217729c87256b892cbd781cbda8f3235b526d19f087fcb39613f725825fde1802c013427c5b2621ca9e1380a2afe0f7fc4600570c640619d52cef0a SHA512 122f809b5148b3da0e83a3fe2e3fc4db4a6db8e0b8ec1270cde7a282ee074eaba6a8b716814b2065b9f29730a8dca221712830088f378417dd47789ab0174c62
 EBUILD tomcat-8.5.68.ebuild 4737 BLAKE2B 0fc89880a266872832a8f199af5cfc3aa6ec0e14ab8214eca907dbf91e68f5306c23fcef1fdfa852c7e8051ec6953086338380552ea1c08ec45a828d6fc35d9a SHA512 f3b4c598e3a022baf63a81068751a4c73f3106a1583c5d9d3493fd6aa5fc7a87e91cc023203b81c86ed3683bacdaed728886bbffadd1bb102b5e2a678f75b26a
 EBUILD tomcat-9.0.46.ebuild 5632 BLAKE2B 62c2441708f0213f2ca077bc7b8b52ecbf8d46f5f7c1720d30c6d93b21f82fa73613e06a9067b07a54dab2910344e7c2cdbe966f4fe5a6476998901bff4d5bc6 SHA512 d7a0f0c44598be1ff78d891894b91d9ffa2e8906a5733d1d8054f50250e7b7cb009d26416a11fad64a3b7bf6a0228930b1cf340e5a61dc4605e3865edb75c4ab
 EBUILD tomcat-9.0.48.ebuild 5632 BLAKE2B 62c2441708f0213f2ca077bc7b8b52ecbf8d46f5f7c1720d30c6d93b21f82fa73613e06a9067b07a54dab2910344e7c2cdbe966f4fe5a6476998901bff4d5bc6 SHA512 d7a0f0c44598be1ff78d891894b91d9ffa2e8906a5733d1d8054f50250e7b7cb009d26416a11fad64a3b7bf6a0228930b1cf340e5a61dc4605e3865edb75c4ab
+EBUILD tomcat-9.0.50.ebuild 5632 BLAKE2B 616ff7cfe9e1e408be386a2c6f9146370440ac4cd84a3afa15893bc5e00afa73a47b8760d5c2434099b38cfaa069bd65f23efe78eee64b0abcbf499bb72a97d4 SHA512 9eca0997e3559fad1b90b567a68e915e6d22a25e05eacd08cb7abba0575e7e6db76168a3aa1fd33d60b19754d6082f1578417deb4c04ae82fb1575531e50709a
 MISC metadata.xml 712 BLAKE2B 3e0a9b1bd07334015006678c0e1d933dc3d7b65291425754f7bcaec673f2316ba85b2e7df2c79a90f0d53dfbc443329cbea8ddfde7d4c93a1635b6140a3b18b6 SHA512 bc7c894d5f945a732078cc4d9a7fa9d0374ebb6aec449487f8968b22aed07bc5e20094448fda9be7516206121d0dfec8c6d6e48ee818786999703ea778a82109
diff --git a/www-servers/tomcat/files/tomcat-9.0.50-insufficient-ecj.patch b/www-servers/tomcat/files/tomcat-9.0.50-insufficient-ecj.patch
new file mode 100644
index 000000000000..13e82c9c6517
--- /dev/null
+++ b/www-servers/tomcat/files/tomcat-9.0.50-insufficient-ecj.patch
@@ -0,0 +1,40 @@
+diff --git a/java/org/apache/jasper/compiler/JDTCompiler.java b/java/org/apache/jasper/compiler/JDTCompiler.java
+index 10d80e0..34ff7e0 100644
+--- a/java/org/apache/jasper/compiler/JDTCompiler.java
++++ b/java/org/apache/jasper/compiler/JDTCompiler.java
+@@ -306,11 +306,11 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
+             } else if(opt.equals("13")) {
+                 settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_13);
+             } else if(opt.equals("14")) {
+-                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_14);
++                settings.put(CompilerOptions.OPTION_Source, "14");
+             } else if(opt.equals("15")) {
+-                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
++                settings.put(CompilerOptions.OPTION_Source, "15");
+             } else if(opt.equals("16")) {
+-                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
++                settings.put(CompilerOptions.OPTION_Source, "16");
+             } else if(opt.equals("17")) {
+                 // Constant not available in latest ECJ version shipped with
+                 // Tomcat. May be supported in a snapshot build.
+@@ -366,14 +366,14 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
+                 settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_13);
+                 settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_13);
+             } else if(opt.equals("14")) {
+-                settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_14);
+-                settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_14);
++                settings.put(CompilerOptions.OPTION_TargetPlatform, "14");
++                settings.put(CompilerOptions.OPTION_Compliance, "14");
+             } else if(opt.equals("15")) {
+-                settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
+-                settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
++                settings.put(CompilerOptions.OPTION_TargetPlatform, "15");
++                settings.put(CompilerOptions.OPTION_Compliance, "15");
+             } else if(opt.equals("16")) {
+-                settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16);
+-                settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16);
++                settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
++                settings.put(CompilerOptions.OPTION_Compliance, "16");
+             } else if(opt.equals("17")) {
+                 // Constant not available in latest ECJ version shipped with
+                 // Tomcat. May be supported in a snapshot build.
diff --git a/www-servers/tomcat/tomcat-10.0.8.ebuild b/www-servers/tomcat/tomcat-10.0.8.ebuild
new file mode 100644
index 000000000000..0b16b403fb0f
--- /dev/null
+++ b/www-servers/tomcat/tomcat-10.0.8.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+JAVA_PKG_IUSE="doc source test"
+
+inherit java-pkg-2 java-ant-2 prefix
+
+MY_P="apache-${PN}-${PV}-src"
+
+# Currently we bundle binary versions of bnd.jar and bndlib.jar
+# See bugs #203080 and #676116
+BND_VERSION="5.1.1"
+BND="biz.aQute.bnd-${BND_VERSION}.jar"
+BNDLIB="biz.aQute.bndlib-${BND_VERSION}.jar"
+
+DESCRIPTION="Tomcat Servlet-5.0/JSP-3.0/EL-4.0/WebSocket-2.0/JASIC-2.0 Container"
+HOMEPAGE="https://tomcat.apache.org/"
+SRC_URI="mirror://apache/${PN}/tomcat-9/v${PV}/src/${MY_P}.tar.gz
+	https://repo.maven.apache.org/maven2/biz/aQute/bnd/biz.aQute.bnd/${BND_VERSION}/${BND}
+	https://repo.maven.apache.org/maven2/biz/aQute/bnd/biz.aQute.bndlib/${BND_VERSION}/${BNDLIB}"
+
+LICENSE="Apache-2.0"
+SLOT="10"
+KEYWORDS="~amd64 ~amd64-linux"
+IUSE="extra-webapps"
+
+RESTRICT="test" # can we run them on a production system?
+
+ECJ_SLOT="4.15"
+SAPI_SLOT="5.0"
+
+COMMON_DEP="dev-java/eclipse-ecj:${ECJ_SLOT}
+	dev-java/glassfish-xmlrpc-api:0
+	dev-java/jakartaee-migration:0
+	~dev-java/tomcat-servlet-api-${PV}:${SAPI_SLOT}
+	dev-java/wsdl4j:0"
+RDEPEND="${COMMON_DEP}
+	acct-group/tomcat
+	acct-user/tomcat
+	virtual/jre"
+DEPEND="${COMMON_DEP}
+	app-admin/pwgen
+	dev-java/ant-core
+	virtual/jdk:1.8
+	test? (
+		dev-java/ant-junit:0
+		dev-java/easymock:3.2
+	)"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+	"${FILESDIR}/${PN}-9.0.50-insufficient-ecj.patch"
+)
+
+BND_HOME="${S}/tomcat-build-libs/bnd"
+BNDLIB_HOME="${S}/tomcat-build-libs/bndlib"
+BND_JAR="${BND_HOME}/${BND}"
+BNDLIB_JAR="${BNDLIB_HOME}/${BND_LIB}"
+
+src_unpack() {
+	unpack ${MY_P}.tar.gz
+
+	mkdir -p "${BND_HOME}" "${BNDLIB_HOME}" || die "Failed to create dir"
+	ln -s "${DISTDIR}/${BND}" "${BND_HOME}/" || die "Failed to symlink bnd-*.jar"
+	ln -s "${DISTDIR}/${BND}" "${BNDLIB_HOME}/" || die "Failed to symlink bndlib-*.jar"
+}
+
+src_prepare() {
+	default
+
+	find -name '*.jar' -type f -delete -print || die
+
+	# Remove bundled servlet-api
+	rm -rv java/jakarta/{el,servlet} || die
+
+	eapply "${FILESDIR}/${PN}-10.0.4-build.xml.patch"
+
+	# For use of catalina.sh in netbeans
+	sed -i -e "/^# ----- Execute The Requested Command/ a\
+		CLASSPATH=\`java-config --with-dependencies --classpath ${PN}-${SLOT}\`" \
+		bin/catalina.sh || die
+
+	java-pkg-2_src_prepare
+}
+
+JAVA_ANT_REWRITE_CLASSPATH="true"
+
+EANT_BUILD_TARGET="deploy"
+EANT_GENTOO_CLASSPATH="eclipse-ecj-${ECJ_SLOT},jakartaee-migration,tomcat-servlet-api-${SAPI_SLOT},wsdl4j"
+EANT_TEST_GENTOO_CLASSPATH="easymock-3.2"
+EANT_GENTOO_CLASSPATH_EXTRA="${S}/output/classes"
+EANT_NEEDS_TOOLS="true"
+EANT_EXTRA_ARGS="-Dversion=${PV}-gentoo -Dversion.number=${PV} -Dcompile.debug=false -Dbnd.jar=${BND_JAR} -Dbndlib.jar=${BNDLIB_JAR}"
+
+# revisions of the scripts
+IM_REV="-r2"
+INIT_REV="-r1"
+
+src_configure() {
+	java-ant-2_src_configure
+
+	eapply "${FILESDIR}/${PN}-9.0.37-fix-build-rewrite.patch"
+}
+
+src_compile() {
+	EANT_GENTOO_CLASSPATH_EXTRA+=":$(java-pkg_getjar --build-only ant-core ant.jar):$(java-pkg_getjars --build-only glassfish-xmlrpc-api)"
+	LC_ALL=C java-pkg-2_src_compile
+}
+
+src_test() {
+	java-pkg-2_src_test
+}
+
+src_install() {
+	local dest="/usr/share/${PN}-${SLOT}"
+
+	java-pkg_jarinto "${dest}"/bin
+	java-pkg_dojar output/build/bin/*.jar
+	exeinto "${dest}"/bin
+	doexe output/build/bin/*.sh
+
+	java-pkg_jarinto "${dest}"/lib
+	java-pkg_dojar output/build/lib/*.jar
+
+	dodoc RELEASE-NOTES RUNNING.txt
+	use doc && java-pkg_dojavadoc output/dist/webapps/docs/api
+	use source && java-pkg_dosrc java/*
+
+	### Webapps ###
+
+	# add missing docBase
+	local apps="host-manager manager"
+	for app in ${apps}; do
+		sed -i -e "s|=\"true\" >|=\"true\" docBase=\"\$\{catalina.home\}/webapps/${app}\" >|" \
+			output/build/webapps/${app}/META-INF/context.xml || die
+	done
+
+	insinto "${dest}"/webapps
+	doins -r output/build/webapps/{host-manager,manager,ROOT}
+	use extra-webapps && doins -r output/build/webapps/{docs,examples}
+
+	### Config ###
+
+	# create "logs" directory in $CATALINA_BASE
+	# and set correct perms, see #458890
+	dodir "${dest}"/logs
+	fperms 0750 "${dest}"/logs
+
+	# replace the default pw with a random one, see #92281
+	local randpw="$(pwgen -s -B 15 1)"
+	sed -i -e "s|SHUTDOWN|${randpw}|" output/build/conf/server.xml || die
+
+	# prepend gentoo.classpath to common.loader, see #453212
+	sed -i -e 's/^common\.loader=/\0${gentoo.classpath},/' output/build/conf/catalina.properties || die
+
+	insinto "${dest}"
+	doins -r output/build/conf
+
+	### rc ###
+
+	cp "${FILESDIR}"/tomcat{.conf,${INIT_REV}.init,-instance-manager${IM_REV}.bash} "${T}" || die
+	eprefixify "${T}"/tomcat{.conf,${INIT_REV}.init,-instance-manager${IM_REV}.bash}
+	sed -i -e "s|@SLOT@|${SLOT}|g" "${T}"/tomcat{.conf,${INIT_REV}.init,-instance-manager${IM_REV}.bash} || die
+
+	insinto "${dest}"/gentoo
+	doins "${T}"/tomcat.conf
+	exeinto "${dest}"/gentoo
+	newexe "${T}"/tomcat${INIT_REV}.init tomcat.init
+	newexe "${T}"/tomcat-instance-manager${IM_REV}.bash tomcat-instance-manager.bash
+}
+
+pkg_postinst() {
+	elog "New ebuilds of Tomcat support running multiple instances. If you used prior version"
+	elog "of Tomcat (<7.0.32), you have to migrate your existing instance to work with new Tomcat."
+	elog "You can find more information at https://wiki.gentoo.org/wiki/Apache_Tomcat"
+
+	elog "To manage Tomcat instances, run:"
+	elog "  ${EPREFIX}/usr/share/${PN}-${SLOT}/gentoo/tomcat-instance-manager.bash --help"
+
+	ewarn "Please note that since version 10 the primary package for all implemented APIs"
+	ewarn "has changed from javax.* to jakarta.*. This will almost certainly require code"
+	ewarn "changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later."
+
+	ewarn "tomcat-dbcp.jar is not built at this time. Please fetch jar"
+	ewarn "from upstream binary if you need it. Gentoo Bug # 144276"
+
+	einfo "Please read https://wiki.gentoo.org/wiki/Apache_Tomcat and"
+	einfo "https://wiki.gentoo.org/wiki/Project:Java/Tomcat_6_Guide for more information."
+}
diff --git a/www-servers/tomcat/tomcat-9.0.50.ebuild b/www-servers/tomcat/tomcat-9.0.50.ebuild
new file mode 100644
index 000000000000..8905e0fad241
--- /dev/null
+++ b/www-servers/tomcat/tomcat-9.0.50.ebuild
@@ -0,0 +1,187 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+JAVA_PKG_IUSE="doc source test"
+
+inherit java-pkg-2 java-ant-2 prefix
+
+MY_P="apache-${PN}-${PV}-src"
+
+# Currently we bundle binary versions of bnd.jar and bndlib.jar
+# See bugs #203080 and #676116
+BND_VERSION="5.1.1"
+BND="biz.aQute.bnd-${BND_VERSION}.jar"
+BNDLIB="biz.aQute.bndlib-${BND_VERSION}.jar"
+
+DESCRIPTION="Tomcat Servlet-4.0/JSP-2.3/EL-3.0/WebSocket-1.1/JASPIC-1.1 Container"
+HOMEPAGE="https://tomcat.apache.org/"
+SRC_URI="mirror://apache/${PN}/tomcat-9/v${PV}/src/${MY_P}.tar.gz
+	https://repo.maven.apache.org/maven2/biz/aQute/bnd/biz.aQute.bnd/${BND_VERSION}/${BND}
+	https://repo.maven.apache.org/maven2/biz/aQute/bnd/biz.aQute.bndlib/${BND_VERSION}/${BNDLIB}"
+
+LICENSE="Apache-2.0"
+SLOT="9"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
+IUSE="extra-webapps"
+
+RESTRICT="test" # can we run them on a production system?
+
+ECJ_SLOT="4.15"
+SAPI_SLOT="4.0"
+
+COMMON_DEP="dev-java/eclipse-ecj:${ECJ_SLOT}
+	dev-java/glassfish-xmlrpc-api:0
+	~dev-java/tomcat-servlet-api-${PV}:${SAPI_SLOT}
+	dev-java/wsdl4j:0"
+RDEPEND="${COMMON_DEP}
+	acct-group/tomcat
+	acct-user/tomcat
+	virtual/jre"
+DEPEND="${COMMON_DEP}
+	app-admin/pwgen
+	>=dev-java/ant-core-1.9.13
+	virtual/jdk:1.8
+	test? (
+		>=dev-java/ant-junit-1.9:0
+		dev-java/easymock:3.2
+	)"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+	"${FILESDIR}/${PN}-9.0.50-insufficient-ecj.patch"
+)
+
+BND_HOME="${S}/tomcat-build-libs/bnd"
+BNDLIB_HOME="${S}/tomcat-build-libs/bndlib"
+BND_JAR="${BND_HOME}/${BND}"
+BNDLIB_JAR="${BNDLIB_HOME}/${BND_LIB}"
+
+src_unpack() {
+	unpack ${MY_P}.tar.gz
+
+	mkdir -p "${BND_HOME}" "${BNDLIB_HOME}" || die "Failed to create dir"
+	ln -s "${DISTDIR}/${BND}" "${BND_HOME}/" || die "Failed to symlink bnd-*.jar"
+	ln -s "${DISTDIR}/${BND}" "${BNDLIB_HOME}/" || die "Failed to symlink bndlib-*.jar"
+}
+
+src_prepare() {
+	default
+
+	find -name '*.jar' -type f -delete -print || die
+
+	# Remove bundled servlet-api
+	rm -rv java/javax/{el,servlet} || die
+
+	eapply "${FILESDIR}/${PN}-9.0.46-build.xml.patch"
+
+	# For use of catalina.sh in netbeans
+	sed -i -e "/^# ----- Execute The Requested Command/ a\
+		CLASSPATH=\`java-config --with-dependencies --classpath ${PN}-${SLOT}\`" \
+		bin/catalina.sh || die
+
+	java-pkg-2_src_prepare
+}
+
+JAVA_ANT_REWRITE_CLASSPATH="true"
+
+EANT_BUILD_TARGET="deploy"
+EANT_GENTOO_CLASSPATH="eclipse-ecj-${ECJ_SLOT},tomcat-servlet-api-${SAPI_SLOT},wsdl4j"
+EANT_TEST_GENTOO_CLASSPATH="easymock-3.2"
+EANT_GENTOO_CLASSPATH_EXTRA="${S}/output/classes"
+EANT_NEEDS_TOOLS="true"
+EANT_EXTRA_ARGS="-Dversion=${PV}-gentoo -Dversion.number=${PV} -Dcompile.debug=false -Dbnd.jar=${BND_JAR} -Dbndlib.jar=${BNDLIB_JAR}"
+
+# revisions of the scripts
+IM_REV="-r2"
+INIT_REV="-r1"
+
+src_configure() {
+	java-ant-2_src_configure
+
+	eapply "${FILESDIR}/${PN}-9.0.37-fix-build-rewrite.patch"
+}
+
+src_compile() {
+	EANT_GENTOO_CLASSPATH_EXTRA+=":$(java-pkg_getjar --build-only ant-core ant.jar):$(java-pkg_getjars --build-only glassfish-xmlrpc-api)"
+	LC_ALL=C java-pkg-2_src_compile
+}
+
+src_test() {
+	java-pkg-2_src_test
+}
+
+src_install() {
+	local dest="/usr/share/${PN}-${SLOT}"
+
+	java-pkg_jarinto "${dest}"/bin
+	java-pkg_dojar output/build/bin/*.jar
+	exeinto "${dest}"/bin
+	doexe output/build/bin/*.sh
+
+	java-pkg_jarinto "${dest}"/lib
+	java-pkg_dojar output/build/lib/*.jar
+
+	dodoc RELEASE-NOTES RUNNING.txt
+	use doc && java-pkg_dojavadoc output/dist/webapps/docs/api
+	use source && java-pkg_dosrc java/*
+
+	### Webapps ###
+
+	# add missing docBase
+	local apps="host-manager manager"
+	for app in ${apps}; do
+		sed -i -e "s|=\"true\" >|=\"true\" docBase=\"\$\{catalina.home\}/webapps/${app}\" >|" \
+			output/build/webapps/${app}/META-INF/context.xml || die
+	done
+
+	insinto "${dest}"/webapps
+	doins -r output/build/webapps/{host-manager,manager,ROOT}
+	use extra-webapps && doins -r output/build/webapps/{docs,examples}
+
+	### Config ###
+
+	# create "logs" directory in $CATALINA_BASE
+	# and set correct perms, see #458890
+	dodir "${dest}"/logs
+	fperms 0750 "${dest}"/logs
+
+	# replace the default pw with a random one, see #92281
+	local randpw="$(pwgen -s -B 15 1)"
+	sed -i -e "s|SHUTDOWN|${randpw}|" output/build/conf/server.xml || die
+
+	# prepend gentoo.classpath to common.loader, see #453212
+	sed -i -e 's/^common\.loader=/\0${gentoo.classpath},/' output/build/conf/catalina.properties || die
+
+	insinto "${dest}"
+	doins -r output/build/conf
+
+	### rc ###
+
+	cp "${FILESDIR}"/tomcat{.conf,${INIT_REV}.init,-instance-manager${IM_REV}.bash} "${T}" || die
+	eprefixify "${T}"/tomcat{.conf,${INIT_REV}.init,-instance-manager${IM_REV}.bash}
+	sed -i -e "s|@SLOT@|${SLOT}|g" "${T}"/tomcat{.conf,${INIT_REV}.init,-instance-manager${IM_REV}.bash} || die
+
+	insinto "${dest}"/gentoo
+	doins "${T}"/tomcat.conf
+	exeinto "${dest}"/gentoo
+	newexe "${T}"/tomcat${INIT_REV}.init tomcat.init
+	newexe "${T}"/tomcat-instance-manager${IM_REV}.bash tomcat-instance-manager.bash
+}
+
+pkg_postinst() {
+	elog "New ebuilds of Tomcat support running multiple instances. If you used prior version"
+	elog "of Tomcat (<7.0.32), you have to migrate your existing instance to work with new Tomcat."
+	elog "You can find more information at https://wiki.gentoo.org/wiki/Apache_Tomcat"
+
+	elog "To manage Tomcat instances, run:"
+	elog "  ${EPREFIX}/usr/share/${PN}-${SLOT}/gentoo/tomcat-instance-manager.bash --help"
+
+	ewarn "tomcat-dbcp.jar is not built at this time. Please fetch jar"
+	ewarn "from upstream binary if you need it. Gentoo Bug # 144276"
+
+	einfo "Please read https://wiki.gentoo.org/wiki/Apache_Tomcat and"
+	einfo "https://wiki.gentoo.org/wiki/Project:Java/Tomcat_6_Guide for more information."
+}
diff --git a/www-servers/xsp/Manifest b/www-servers/xsp/Manifest
index 7f881bde99d4..f4e31e71242d 100644
--- a/www-servers/xsp/Manifest
+++ b/www-servers/xsp/Manifest
@@ -8,6 +8,6 @@ AUX systemd/mono-xsp4.service 340 BLAKE2B 96674d1c6cdfffcfa0a2530ea58c99b4cea8e7
 AUX systemd/mono.webapp 315 BLAKE2B 159a9c27bba5956dad1b7a2ec1587bd35782d1cb236b9c957c1906b52faeceb4d333e91872b9505e73153a4d16bc1ed6aa76b3b296c1641cb0dc04fc4f56744f SHA512 e7b33fa0f36b27854c8a215cacab25760b5ff91f12415dbd9406e1f92cb0faf035bcfb14b8e0b37c22ff73f0a9c31a1cf9ac213c9167e5f8618a943440e0384d
 DIST xsp-3.8_p2014120900.tar.gz 307722 BLAKE2B a6c7723e41490022ea969961f93fa3cb5b5eb583edd6ad1ef40dc38adc29cc9c0de16b7da5e98074b0848cdb7cce1e4c5e0298dc6f7f71d6a5c5e542a662005e SHA512 bf7a8cbeda330be98eb6fb1942ca9d6d8107ceabfb47db36d4b9b1f9d99afb329bad7737a4c9bfbf3ac205e9499dd58b2aa1cf7dfd83e41ee50b3820b05d4596
 DIST xsp-4.7.1.tar.gz 307143 BLAKE2B f8a3a09d644d567728e6462df553ff52fdbd17e974dc25aeebd011e7b6c22ef76be69cc49acfd1cdd9edbd30728ce6b7ef5f33ecda50653db219863b17442b36 SHA512 f106b073bc17ae8fafcffdf2f0db7284f36b62b648fd79321a0de7f5ed15085a9116deccf464e72b3e6f5daf8d65d0a6a3d55c1b275546a4762fa3236bd58e2b
-EBUILD xsp-3.8_p2014120900.ebuild 2374 BLAKE2B ce4456beb45e060bd2a63bf09e76f0cc5590a8c833fb39e45dc96e0ad8ac75cdd2ff16152f6a5875689b67c78855cf70eed7af4a297b0bf9a92915845522f5c3 SHA512 d6b446f48ce3c324091fcd2a70be54eff6c7653ea110826082da0a3d5850aea86ac8405577f2b0e05885478f701fbd338075bfbb43f1a6feb507d6a997d9c844
-EBUILD xsp-4.7.1.ebuild 2187 BLAKE2B c981767421b5c1969b2c34586760d0a2611eafcf5e0ec85e8ee5654e12d1b47b757ee4c5b09b9c8bace21053d0d9b78652434486a42ecee8ab675a3689fd814e SHA512 6cdf7f14015e9b30035114e67e606d908e10c81a1c5befe00feb21e16f1960a9f7c81de4ca7efe0be52d419397ae13306c389197de77280ad17d86d9fcf19c37
+EBUILD xsp-3.8_p2014120900-r1.ebuild 2247 BLAKE2B 8b918f68477de9cbdb3890c69c950e92bed1f5393f5341be8bf7227ac53cd7d2dfab49639c4809ee2f48a9fe7db26f28029ae31c53b841b447508a360c4390c9 SHA512 435c76b49a51f47d0acb51d820b9eb83462070ab7afa3db4f47625c2537c98a9649df532c01ccc166d02d1d28f7e0eee9910f4cd2ab43b0486a134c2a0e24a87
+EBUILD xsp-4.7.1-r1.ebuild 2060 BLAKE2B d40381e27b281a8ba71c5777f864f7e363597d35c074b049127ffae926cfd6a4b44387278b2f49f3355cc688b422860c1f795e9831773b0880d5200d41d3054d SHA512 09e9c8c68cf78581c98d10d0cbdd0325662e80f252b577fe7b16b67965ca4271102add2fe653fedd3f5322ce7cee66d75e8464b677aeb1855e890ba2c13e28d3
 MISC metadata.xml 488 BLAKE2B 8725ea89fc8e394963ede0b84af83b2ec69f0b9a88a47c00a64dbc86f5be17264132a909839a57d2d13a315c8bbe082f6410456229bf23e2ad890c0580a1e9b1 SHA512 71a3eea4ed3a14bbc71524738e0b7a80a25a3e34905fbb2aef2e66830099d5addab8bb95b1d9e7ee5df0861a75651c43b1835e404bd2dba5db5e00d86bed0c52
diff --git a/www-servers/xsp/xsp-3.8_p2014120900.ebuild b/www-servers/xsp/xsp-3.8_p2014120900-r1.ebuild
index e2d9fda01c70..c1ec007657b4 100644
--- a/www-servers/xsp/xsp-3.8_p2014120900.ebuild
+++ b/www-servers/xsp/xsp-3.8_p2014120900-r1.ebuild
@@ -6,7 +6,7 @@ EAPI=7
 # TODO: We can probably yank the USE_DOTNET/dotnet.eclass stuff
 # but let's be conservative for now
 USE_DOTNET="net35 net40 net45"
-inherit autotools dotnet systemd user
+inherit autotools dotnet systemd
 
 EGIT_COMMIT="e272a2c006211b6b03be2ef5bbb9e3f8fefd0768"
 DESCRIPTION="XSP is a small web server that can host ASP.NET pages"
@@ -20,8 +20,12 @@ KEYWORDS="~amd64 ~ppc ~x86"
 IUSE="developer doc test"
 RESTRICT="!test? ( test )"
 
-RDEPEND="dev-db/sqlite:3"
-DEPEND="${RDEPEND}"
+DEPEND="dev-db/sqlite:3"
+RDEPEND="
+	${DEPEND}
+	acct-group/aspnet
+	acct-user/aspnet
+"
 
 PATCHES=(
 	"${FILESDIR}/aclocal-fix.patch"
@@ -62,14 +66,6 @@ src_configure() {
 #	fi
 #}
 
-pkg_preinst() {
-	enewgroup aspnet
-	enewuser aspnet -1 -1 /tmp aspnet
-
-	# enewuser www-data
-	# www-data - is from debian, i think it's the same as aspnet here
-}
-
 src_install() {
 	default
 
diff --git a/www-servers/xsp/xsp-4.7.1.ebuild b/www-servers/xsp/xsp-4.7.1-r1.ebuild
index e5cd0168007c..a7a1cdb95503 100644
--- a/www-servers/xsp/xsp-4.7.1.ebuild
+++ b/www-servers/xsp/xsp-4.7.1-r1.ebuild
@@ -4,7 +4,7 @@
 EAPI=7
 
 USE_DOTNET="net35 net40 net45"
-inherit autotools dotnet systemd user
+inherit autotools dotnet systemd
 
 DESCRIPTION="XSP is a small web server that can host ASP.NET pages"
 HOMEPAGE="http://www.mono-project.com/ASP.NET"
@@ -16,8 +16,12 @@ KEYWORDS="~amd64 ~ppc ~x86"
 IUSE="developer doc test"
 RESTRICT="!test? ( test )"
 
-RDEPEND="dev-db/sqlite:3"
-DEPEND="${RDEPEND}"
+DEPEND="dev-db/sqlite:3"
+RDEPEND="
+	${DEPEND}
+	acct-group/aspnet
+	acct-user/aspnet
+"
 
 PATCHES=(
 	"${FILESDIR}/aclocal-fix.patch"
@@ -58,14 +62,6 @@ src_configure() {
 #	fi
 #}
 
-pkg_preinst() {
-	enewgroup aspnet
-	enewuser aspnet -1 -1 /tmp aspnet
-
-	# enewuser www-data
-	# www-data - is from debian, i think it's the same as aspnet here
-}
-
 src_install() {
 	default
author	V3n3RiX <venerix@redcorelinux.org>	2021-07-08 15:03:58 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2021-07-08 15:03:58 +0100
commit	814f4cf860e299a046b649eaee5463427984c09c (patch)
tree	74c45f097899310e599dad6b8df5b63e0f085bc0 /www-servers
parent	7f0ccc917c7abe6223784c703d86cd14755691fb (diff)