11 changed files with 171 additions and 287 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,8 +18,3 @@ modsecurity-apache_2.5.12.tar.gz
 /modsecurity-2.9.0.tar.gz
 /modsecurity-2.9.1.tar.gz
 /modsecurity-2.9.2.tar.gz
 /modsecurity-2.9.3.tar.gz
 /modsecurity-2.9.4.tar.gz
 /modsecurity-2.9.5.tar.gz
 /modsecurity-2.9.6.tar.gz
 /modsecurity-2.9.7.tar.gz
--- a/0001-mlogc-Changes-the-default-SSL-algo-to-TLS-1.2.patch
+++ b/0001-mlogc-Changes-the-default-SSL-algo-to-TLS-1.2.patch
@ -0,0 +1,28 @@
 From 84f2299f6b3b56cf5342ad378c3641be548bf79c Mon Sep 17 00:00:00 2001
 From: Felipe Zimmerle <fcosta@trustwave.com>
 Date: Mon, 3 Nov 2014 10:13:21 -0800
 Subject: [PATCH] mlogc: Changes the default SSL algo to TLS 1.2
 As reported by Josh Amishav-Zlatin, mlogc was making usage of SSLv3 instead of
 TLS 1.2. Servers should not answer SSLv3 after poodle.
 ---
 mlogc/mlogc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/mlogc/mlogc.c b/mlogc/mlogc.c
 index 4163230..c4b2a23 100644
 --- a/mlogc/mlogc.c
 +++ b/mlogc/mlogc.c
@@ -1218,8 +1218,8 @@ static void logc_init(void)
         curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
         curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
 -        /* SSLv3 works better overall as some servers have issues with TLS */
 -        curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
 +        curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
 +
         curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15);
         curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE);
         curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
 --
 1.9.1
--- a/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
+++ b/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
@ -0,0 +1,23 @@
 diff -ru modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c modsecurity-apache_2.7.3/apache2/msc_reqbody.c
 --- modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c	2013-03-24 08:12:29.000000000 +0100
 +++ modsecurity-apache_2.7.3/apache2/msc_reqbody.c	2013-05-28 14:48:39.063673996 +0100
@@ -170,6 +170,7 @@
     /* Would storing this chunk mean going over the limit? */
     if ((msr->msc_reqbody_spilltodisk)
 +        && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
         && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
     {
         msc_data_chunk **chunks;
 diff -ru modsecurity-apache_2.7.3.orig/apache2/re_operators.c modsecurity-apache_2.7.3/apache2/re_operators.c
 --- modsecurity-apache_2.7.3.orig/apache2/re_operators.c	2013-03-24 08:12:29.000000000 +0100
 +++ modsecurity-apache_2.7.3/apache2/re_operators.c	2013-05-28 14:49:30.448696404 +0100
@@ -369,7 +369,7 @@
 /* rsub */
 static char *param_remove_escape(msre_rule *rule, char *str, int len)  {
 -    char *parm = apr_palloc(rule->ruleset->mp, len);
 +    char *parm = apr_pcalloc(rule->ruleset->mp, len);
     char *ret = parm;
     for(;*str!='\0';str++)    {
--- a/mod_security-2.9.3-remote-rules-timeout.patch
+++ b/mod_security-2.9.3-remote-rules-timeout.patch
@ -1,85 +0,0 @@
 diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
 index 80f8f2b..7912d84 100644
 --- a/apache2/apache2_config.c
 +++ b/apache2/apache2_config.c
@@ -2354,6 +2354,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
 }
 +static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
 +{
 +    directory_config *dcfg = (directory_config *)_dcfg;
 +    long int timeout;
 +
 +    if (dcfg == NULL) return NULL;
 +
 +    timeout = strtol(p1, NULL, 10);
 +    if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
 +        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
 +    }
 +
 +    remote_rules_timeout = timeout;
 +
 +    return NULL;
 +}
 +
 +
 static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
 {
     if (strcasecmp(p1, "on") == 0) {
@@ -3667,6 +3685,14 @@ const command_rec module_directives[] = {
         "Abort or Warn"
     ),
 +    AP_INIT_TAKE1 (
 +        "SecRemoteTimeout",
 +        cmd_remote_timeout,
 +        NULL,
 +        CMD_SCOPE_ANY,
 +        "timeout in seconds"
 +    ),
 +
     AP_INIT_TAKE1 (
         "SecXmlExternalEntity",
 diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
 index 7bb215e..c155495 100644
 --- a/apache2/mod_security2.c
 +++ b/apache2/mod_security2.c
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
 #endif
 int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
 char DSOLOCAL *remote_rules_fail_message = NULL;
 +unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
 +
 int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
 diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
 index f24bc75..8bcd453 100644
 --- a/apache2/modsecurity.h
 +++ b/apache2/modsecurity.h
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
 #endif
 extern DSOLOCAL int remote_rules_fail_action;
 extern DSOLOCAL char *remote_rules_fail_message;
 +extern DSOLOCAL unsigned long int remote_rules_timeout;
 extern DSOLOCAL int status_engine_state;
 diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
 index 99968f0..b8db13e 100644
 --- a/apache2/msc_remote_rules.c
 +++ b/apache2/msc_remote_rules.c
@@ -358,6 +358,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
         /* We want Curl to return error in case there is an HTTP error code */
         curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
 +        /* In case we want different timeout than a default one */
 +        if (remote_rules_timeout != NOT_SET){
 +            curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
 +        }
 +
         res = curl_easy_perform(curl);
         if (res != CURLE_OK)
--- a/mod_security-2.9.7-send_error_bucket.patch
+++ b/mod_security-2.9.7-send_error_bucket.patch
@ -1,30 +0,0 @@
 From b2fa083522c70368c7ab911696dcb87dde5dc688 Mon Sep 17 00:00:00 2001
 From: Tomas Korbar <tkorbar@redhat.com>
 Date: Thu, 22 Dec 2022 14:49:34 +0100
 Subject: [PATCH] Clear original response code in send_error_bucket function
 If this is left intact, then apache thinks that this code
 was generated during processing of ErrorDocument and does not
 handle it properly
 Fix #2849
 ---
 apache2/apache2_util.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
 index cdae2b580..520a30f2f 100644
 --- a/apache2/apache2_util.c
 +++ b/apache2/apache2_util.c
@@ -31,6 +31,11 @@ apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
     /* Set the status line explicitly for the error document */
     f->r->status_line = ap_get_status_line(status);
 +    /* Clear previously set response code to make clear that this is
 +     * not a recursive error
 +     */
 +    f->r->status = 200;
 +
     brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
     if (brigade == NULL) return APR_EGENERAL;
--- a/mod_security-fix-build-with-libxml29.patch
+++ b/mod_security-fix-build-with-libxml29.patch
@ -0,0 +1,82 @@
 --- apache2/msc_crypt.c.orig	2012-10-18 10:42:43.381000000 +0100
 +++ apache2/msc_crypt.c	2012-10-18 10:46:52.442000000 +0100
@@ -1079,6 +1079,70 @@
     htmlDocContentDumpFormatOutput(output_buf, msr->crypto_html_tree, NULL, 0);
 +#ifdef  LIBXML2_NEW_BUFFER
 +
 +    if (output_buf->conv == NULL || (output_buf->conv && xmlOutputBufferGetSize(output_buf) == 0)) {
 +
 +        if(output_buf->buffer == NULL || xmlOutputBufferGetSize(output_buf) == 0)  {
 +            xmlOutputBufferClose(output_buf);
 +            xmlFreeDoc(msr->crypto_html_tree);
 +            msr->of_stream_changed = 0;
 +            return -1;
 +        }
 +
 +        if(msr->stream_output_data != NULL) {
 +            free(msr->stream_output_data);
 +            msr->stream_output_data =  NULL;
 +        }
 +
 +        msr->stream_output_length = xmlOutputBufferGetSize(output_buf);
 +        msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
 +
 +        if (msr->stream_output_data == NULL) {
 +            xmlOutputBufferClose(output_buf);
 +            xmlFreeDoc(msr->crypto_html_tree);
 +            return -1;
 +        }
 +
 +        memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
 +        memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
 +
 +        if (msr->txcfg->debuglog_level >= 4)
 +            msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
 +
 +    } else {
 +
 +        if(output_buf->conv == NULL || xmlOutputBufferGetSize(output_buf) == 0)  {
 +            xmlOutputBufferClose(output_buf);
 +            xmlFreeDoc(msr->crypto_html_tree);
 +            msr->of_stream_changed = 0;
 +            return -1;
 +        }
 +
 +        if(msr->stream_output_data != NULL) {
 +            free(msr->stream_output_data);
 +            msr->stream_output_data =  NULL;
 +        }
 +
 +        msr->stream_output_length = xmlOutputBufferGetSize(output_buf);
 +        msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
 +
 +        if (msr->stream_output_data == NULL) {
 +            xmlOutputBufferClose(output_buf);
 +            xmlFreeDoc(msr->crypto_html_tree);
 +            return -1;
 +        }
 +
 +        memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
 +        memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
 +
 +        if (msr->txcfg->debuglog_level >= 4)
 +            msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
 +
 +    }
 +
 +#else
 +
     if (output_buf->conv == NULL || (output_buf->conv && output_buf->conv->use == 0)) {
         if(output_buf->buffer == NULL || output_buf->buffer->use == 0)  {
@@ -1139,6 +1203,8 @@
     }
 +#endif
 +
     xmlOutputBufferClose(output_buf);
     content_value = (char*)apr_psprintf(msr->mp, "%"APR_SIZE_T_FMT, msr->stream_output_length);
--- a/mod_security.spec
+++ b/mod_security.spec
@ -5,36 +5,26 @@
 %{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
 %{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}
-%bcond_without mlogc
+%global with_mlogc 0%{?fedora} || 0%{?rhel} <= 6
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
-Version: 2.9.7
+Version: 2.9.2
-Release: 6%{?dist}
+Release: 3%{?dist}
-License: Apache-2.0
+License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
 Source3: modsecurity_localrules.conf
 Patch0: modsecurity-2.9.3-lua-54.patch
 Patch1: modsecurity-2.9.3-apulibs.patch
 Patch2: mod_security-2.9.3-remote-rules-timeout.patch
 Patch3: mod_security-2.9.7-send_error_bucket.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
-%if 0%{?fedora} || 0%{?rhel} > 7
+#BuildRequires: httpd-devel libxml2-devel pcre-devel lua-devel
-# Ensure apache user exists for file ownership
+# Required for force recent TLS  version
-Requires(pre): httpd-filesystem
+#BuildRequires: curl-devel yajl-devel
 %endif
 BuildRequires: gcc, make, autoconf, automake, libtool
 BuildRequires: httpd-devel
 BuildRequires: perl-generators
-BuildRequires: pcre2-devel
+BuildRequires: pkgconfig(libxml-2.0) pkgconfig(lua) pkgconfig(libpcre) pkgconfig(libcurl)
 BuildRequires: pkgconfig(libcurl)
 BuildRequires: pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(lua)
 # Workarround for EL6
 %if 0%{?el6}
@ -49,31 +39,24 @@ ModSecurity is an open source intrusion detection and prevention engine
 for web applications. It operates embedded into the web server, acting
 as a powerful umbrella - shielding web applications from attacks.
-%if %{with mlogc}
+%if %with_mlogc
-%package        mlogc
+%package -n     mlogc
 Summary:        ModSecurity Audit Log Collector
 Group:          System Environment/Daemons
 Requires:       mod_security
 %if 0%{?fedora} || 0%{?rhel} > 7
 # Ensure apache user exists for file ownership
 Requires(pre):  httpd-filesystem
 %endif
-%description mlogc
+%description -n mlogc
 This package contains the ModSecurity Audit Log Collector.
 %endif
 %prep
-%autosetup -p1 -n modsecurity-%{version}
+%setup -q -n modsecurity-%{version}
 %build
 ./autogen.sh
 %configure --enable-pcre-match-limit=1000000 \
           --enable-pcre-match-limit-recursion=1000000 \
           --with-apxs=%{_httpd_apxs} \
-           --with-yajl \
+           --with-yajl
           --with-pcre2 \
           --disable-static
 # remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
@ -112,7 +95,7 @@ install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
 install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
 # mlogc
-%if %{with mlogc}
+%if %with_mlogc
 install -d %{buildroot}%{_localstatedir}/log/mlogc
 install -d %{buildroot}%{_localstatedir}/log/mlogc/data
 install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
@ -122,7 +105,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %files
-%doc CHANGES LICENSE README.* NOTICE
+%doc CHANGES LICENSE README.TXT NOTICE
 %{_httpd_moddir}/mod_security2.so
 %config(noreplace) %{_httpd_confdir}/*.conf
 %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
@ -134,8 +117,8 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
 %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
-%if %{with mlogc}
+%if %with_mlogc
-%files mlogc
+%files -n mlogc
 %doc mlogc/INSTALL
 %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
 %attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
@ -145,89 +128,6 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %endif
 %changelog
 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Tue Jan 02 2024 Tomas Korbar <tkorbar@redhat.com> - 2.9.7-4
 - Clear original response code in send_error_bucket function
 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Fri Jun 02 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.9.7-2
 - SPDX migration
 * Thu Apr 13 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.9.7-1
 - new version 2.9.7
 - use pcre2 instead of deprecated pcre (rhbz #2128330)
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Wed Sep 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
 - new version 2.9.6
 * Wed Aug 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.5-1
 - new version 2.9.5
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Wed Aug 18 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.9.4-1
 - new version 2.9.4
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10
 - Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
  timeout for retrieving the rules
 - rename mlogc to mod_security-mlogc
 * Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
 - don't link against redundant apr-util dependent libraries
 * Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
 - Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Sun Dec 09 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.3-1
 - Update to 2.9.3
 * Fri Nov 16 2018 Joe Orton <jorton@redhat.com> - 2.9.2-7
 - Requires(pre): httpd-filesystem to ensure apache user exists
 - enable mlogc everywhere, use buildcond to disable
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
 - Add gcc and make as BR (minimal buildroot change)
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
--- a/modsecurity-2.9.0-fix-lua53-build.patch
+++ b/modsecurity-2.9.0-fix-lua53-build.patch
@ -0,0 +1,16 @@
 diff -ru modsecurity-2.9.0.orig/apache2/msc_lua.c modsecurity-2.9.0/apache2/msc_lua.c
 --- modsecurity-2.9.0.orig/apache2/msc_lua.c	2015-02-12 20:08:30.000000000 +0100
 +++ modsecurity-2.9.0/apache2/msc_lua.c	2015-02-13 13:07:42.976716385 +0100
@@ -111,8 +111,11 @@
     dump.pool = pool;
     dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *));
 +#if LUA_VERSION_NUM >= 503
 +    lua_dump(L, dump_writer, &dump, 1);
 +#else
     lua_dump(L, dump_writer, &dump);
 -
 +#endif
     (*script) = apr_pcalloc(pool, sizeof(msc_script));
     (*script)->name = filename;
     (*script)->parts = dump.parts;
--- a/modsecurity-2.9.3-apulibs.patch
+++ b/modsecurity-2.9.3-apulibs.patch
@ -1,14 +0,0 @@
 Strip redundant APR-util dependent libraries, it is sufficient to link against -laprutil-1.
 --- modsecurity-2.9.3/build/find_apu.m4.apulibs
 +++ modsecurity-2.9.3/build/find_apu.m4
@@ -59,7 +59,7 @@
     APU_CFLAGS="`${APU_CONFIG} --includes`"
     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
     APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
 -    APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --libs`"
 +    APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --avoid-ldap --avoid-dbm --libs`"
     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
     APU_LDADD="`${APU_CONFIG} --link-libtool`"
     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi
--- a/modsecurity-2.9.3-lua-54.patch
+++ b/modsecurity-2.9.3-lua-54.patch
@ -1,31 +0,0 @@
 diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
 --- modsecurity-2.9.3/apache2/msc_lua.c	2018-12-04 18:49:37.000000000 +0000
 +++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c	2020-08-08 16:55:14.936045777 +0000
@@ -429,12 +429,12 @@
 #else
     /* Create new state. */
 -#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
 +#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
     L = luaL_newstate();
 #elif LUA_VERSION_NUM == 500
     L = lua_open();
 #else
 -#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
 +#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
 #endif
     luaL_openlibs(L);
@@ -459,10 +459,10 @@
     /* Register functions. */
 #if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
     luaL_register(L, "m", mylib);
 -#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
 +#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
     luaL_setfuncs(L, mylib, 0);
 #else
 -#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
 +#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
 #endif
     lua_setglobal(L, "m");
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (modsecurity-2.9.7.tar.gz) = a333d142f0dedf332a3cccca8267ccf9193cd4ad5a026b3cdbe0713dd1f3edde33739eae8baced2c63409cc0b220001e0a226ea032874a97c08e4065eb1fbdd5
+SHA512 (modsecurity-2.9.2.tar.gz) = 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
`@ -1 +1 @@`
	`SHA512 (modsecurity-2.9.7.tar.gz) = a333d142f0dedf332a3cccca8267ccf9193cd4ad5a026b3cdbe0713dd1f3edde33739eae8baced2c63409cc0b220001e0a226ea032874a97c08e4065eb1fbdd5`	`SHA512 (modsecurity-2.9.2.tar.gz) = 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21`