diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d4daf75
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/modsecurity-2.9.3.tar.gz
diff --git a/.httpd24-mod_security.metadata b/.httpd24-mod_security.metadata
new file mode 100644
index 0000000..4a7c667
--- /dev/null
+++ b/.httpd24-mod_security.metadata
@@ -0,0 +1 @@
+4fb70cc8284cf1b29eabb19b5f247351cbb82def SOURCES/modsecurity-2.9.3.tar.gz
diff --git a/SOURCES/10-mod_security.conf b/SOURCES/10-mod_security.conf
new file mode 100644
index 0000000..dfe0955
--- /dev/null
+++ b/SOURCES/10-mod_security.conf
@@ -0,0 +1,5 @@
+LoadModule security2_module modules/mod_security2.so
+
+
+ LoadModule unique_id_module modules/mod_unique_id.so
+
diff --git a/SOURCES/mod_security.conf b/SOURCES/mod_security.conf
new file mode 100644
index 0000000..9d4f332
--- /dev/null
+++ b/SOURCES/mod_security.conf
@@ -0,0 +1,56 @@
+
+ # Default recommended configuration
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRequestBodyLimit 13107200
+ SecRequestBodyNoFilesLimit 131072
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimitAction Reject
+ SecRule REQBODY_ERROR "!@eq 0" \
+ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+ "id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
+ failed strict validation: \
+ PE %{REQBODY_PROCESSOR_ERROR}, \
+ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+ DB %{MULTIPART_DATA_BEFORE}, \
+ DA %{MULTIPART_DATA_AFTER}, \
+ HF %{MULTIPART_HEADER_FOLDING}, \
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_MISSING_SEMICOLON}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
+ IP %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+ SecPcreMatchLimit 1000
+ SecPcreMatchLimitRecursion 1000
+
+ SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+ SecResponseBodyAccess Off
+ SecDebugLog $sec_logdir/modsec_debug.log
+ SecDebugLogLevel 0
+ SecAuditEngine RelevantOnly
+ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+ SecAuditLogParts ABIJDEFHZ
+ SecAuditLogType Serial
+ SecAuditLog $sec_logdir/modsec_audit.log
+ SecArgumentSeparator &
+ SecCookieFormat 0
+ SecTmpDir $sec_statedir
+ SecDataDir $sec_statedir
+
+ # ModSecurity Core Rules Set and Local configuration
+ Include modsecurity.d/*.conf
+ Include modsecurity.d/activated_rules/*.conf
+ Include modsecurity.d/local_rules/*.conf
+
+
diff --git a/SOURCES/modsecurity_localrules.conf b/SOURCES/modsecurity_localrules.conf
new file mode 100644
index 0000000..983d7df
--- /dev/null
+++ b/SOURCES/modsecurity_localrules.conf
@@ -0,0 +1,9 @@
+# User defined rules and settings .
+#
+# You can use this file/directory to drop your local rules or
+# to remove some rules provided by mod_security_crs package with SecRuleRemoveById
+#
+# You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
+#
+#
+
diff --git a/SPECS/mod_security.spec b/SPECS/mod_security.spec
new file mode 100644
index 0000000..6359c22
--- /dev/null
+++ b/SPECS/mod_security.spec
@@ -0,0 +1,513 @@
+%{?scl:%scl_package mod_security}
+
+%if 0%{?scl:1}
+%define httpd_logdir %{_root_localstatedir}/log/httpd24
+%else
+%define httpd_logdir %{_localstatedir}/log/httpd
+%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
+%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
+# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
+%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
+%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
+%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
+%endif
+
+%bcond_without mlogc
+
+Summary: Security module for the Apache HTTP Server
+Name: %{?scl:%scl_prefix}mod_security
+Version: 2.9.3
+Release: 4%{?dist}
+License: ASL 2.0
+URL: http://www.modsecurity.org/
+Group: System Environment/Daemons
+Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
+Source1: mod_security.conf
+Source2: 10-mod_security.conf
+Source3: modsecurity_localrules.conf
+%if 0%{?scl:1}
+Requires: %{?scl:%scl_prefix}httpd-mmn = %{_httpd24_mmn}
+%else
+Requires: httpd-mmn = %{_httpd_mmn}
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+# Ensure apache user exists for file ownership
+Requires(pre): %{?scl:%scl_prefix}httpd-filesystem
+%endif
+
+BuildRequires: gcc
+BuildRequires: %{?scl:%scl_prefix}httpd-devel
+BuildRequires: make
+BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(libpcre)
+BuildRequires: pkgconfig(libxml-2.0)
+BuildRequires: pkgconfig(lua)
+%{?scl:Requires:%scl_runtime}
+
+# Workarround for EL6
+%if 0%{?el6}
+BuildRequires: yajl-devel
+%else
+BuildRequires: pkgconfig(yajl)
+%endif
+
+%description
+ModSecurity is an open source intrusion detection and prevention engine
+for web applications. It operates embedded into the web server, acting
+as a powerful umbrella - shielding web applications from attacks.
+
+%if %{with mlogc}
+%package -n %{?scl:%scl_prefix}mlogc
+Summary: ModSecurity Audit Log Collector
+Group: System Environment/Daemons
+Requires: %{?scl:%scl_prefix}mod_security
+%if 0%{?fedora} || 0%{?rhel} > 7
+# Ensure apache user exists for file ownership
+Requires(pre): %{?scl:%scl_prefix}httpd-filesystem
+%endif
+
+%description -n %{?scl:%scl_prefix}mlogc
+This package contains the ModSecurity Audit Log Collector.
+%endif
+
+%prep
+%setup -q -n modsecurity-%{version}
+
+%build
+%if 0%{?scl:1}
+export APXS=%{_httpd24_apxs}
+%else
+export APXS=%{_httpd_apxs}
+%endif
+%configure --enable-pcre-match-limit=1000000 \
+ --enable-pcre-match-limit-recursion=1000000 \
+ --with-apxs=$APXS \
+ --with-yajl
+# remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+make %{_smp_mflags}
+
+%check
+# Test suite does not start because of some issue in shipped httpd config (fix upstreamed in PR #669)
+# After the fix, the test suite starts but still fails
+#make test
+#make test-regression
+
+%install
+install -d %{buildroot}%{_sbindir}
+install -d %{buildroot}%{_bindir}
+%if 0%{?scl:1}
+install -d %{buildroot}%{_httpd_moddir}
+%else
+install -d %{buildroot}%{_httpd24_moddir}
+%endif
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
+
+%if 0%{?scl:1}
+install -m0755 apache2/.libs/mod_security2.so \
+ %{buildroot}%{_httpd24_moddir}/mod_security2.so
+%else
+install -m0755 apache2/.libs/mod_security2.so \
+ %{buildroot}%{_httpd_moddir}/mod_security2.so
+%endif
+
+%if 0%{?scl:1}
+install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd24_modconfdir}/10-mod_security.conf
+install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd24_confdir}/mod_security.conf
+sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd24_confdir}/mod_security.conf
+sed -i 's|\$sec_logdir|%{httpd_logdir}|g' %{buildroot}%{_httpd24_confdir}/mod_security.conf
+sed -i 's|\$sec_statedir|%{_localstatedir}/lib/mod_security|g' %{buildroot}%{_httpd24_confdir}/mod_security.conf
+
+%else
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+# 2.4-style
+install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
+install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
+sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd_confdir}/mod_security.conf
+%else
+# 2.2-style
+install -d -m0755 %{buildroot}%{_httpd_confdir}
+cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
+%endif
+%endif
+install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/mod_security
+
+# Local rules example
+install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
+
+# mlogc
+%if %{with mlogc}
+install -d %{buildroot}%{_localstatedir}/log/mlogc
+install -d %{buildroot}%{_localstatedir}/log/mlogc/data
+install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
+install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
+install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
+%endif
+
+
+%files
+%doc CHANGES LICENSE README.* NOTICE
+%if 0%{?scl:1}
+%{_httpd24_moddir}/mod_security2.so
+%config(noreplace) %{_httpd24_confdir}/*.conf
+%if "%{_httpd24_modconfdir}" != "%{_httpd24_confdir}"
+%config(noreplace) %{_httpd24_modconfdir}/*.conf
+%endif
+%else
+%{_httpd_moddir}/mod_security2.so
+%config(noreplace) %{_httpd_confdir}/*.conf
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+%config(noreplace) %{_httpd_modconfdir}/*.conf
+%endif
+%endif
+
+%dir %{_sysconfdir}/httpd/modsecurity.d
+%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
+%dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
+%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
+%attr(770,apache,root) %dir %{_localstatedir}/lib/mod_security
+
+%if %{with mlogc}
+%files -n %{?scl:%scl_prefix}mlogc
+%doc mlogc/INSTALL
+%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
+%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
+%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
+%attr(0755,root,root) %{_bindir}/mlogc
+%attr(0755,root,root) %{_bindir}/mlogc-batch-load
+%endif
+
+%changelog
+* Mon May 06 2019 Lubos Uhliarik - 2.9.3-4
+- Resolves: #1706050 - Wrong requires
+
+* Fri Feb 08 2019 Lubos Uhliarik - 2.9.3-3
+- Related: #1490807 - Add mod_security 2.9.x for httpd24 to RHEL 7
+ Software collections
+
+* Mon Jan 14 2019 Lubos Uhliarik - 2.9.3-2
+- Resolves: #1490807 - Add mod_security 2.9.x for httpd24 to RHEL 7
+ Software collections
+
+* Sun Dec 09 2018 Athmane Madjoudj - 2.9.3-1
+- Update to 2.9.3
+
+* Fri Nov 16 2018 Joe Orton - 2.9.2-7
+- Requires(pre): httpd-filesystem to ensure apache user exists
+- enable mlogc everywhere, use buildcond to disable
+
+* Fri Jul 13 2018 Fedora Release Engineering - 2.9.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Sun Feb 18 2018 Athmane Madjoudj - 2.9.2-5
+- Add gcc and make as BR (minimal buildroot change)
+
+* Thu Feb 08 2018 Fedora Release Engineering - 2.9.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering - 2.9.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 2.9.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Jul 21 2017 Athmane Madjoudj - 2.9.2-1
+- Update to 2.9.2
+
+* Fri Feb 10 2017 Fedora Release Engineering - 2.9.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Mar 09 2016 Athmane Madjoudj 2.9.1-1
+- Update to final 2.9.1
+- Minor spec fix.
+
+* Tue Mar 08 2016 Athmane Madjoudj 2.9.1-0.1.rc1
+- Add workaround for el6
+
+* Tue Mar 08 2016 Athmane Madjoudj 2.9.1-0.rc1
+- Update to 2.9.1-rc1
+- Remove upstreamed patch
+
+* Thu Feb 04 2016 Fedora Release Engineering - 2.9.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Oct 02 2015 Athmane Madjoudj 2.9.0-5
+- Update BuildRequires using pkgconfig name schema
+
+* Tue Sep 01 2015 Athmane Madjoudj 2.9.0-4
+- Add yajl support
+
+* Wed Jun 17 2015 Fedora Release Engineering - 2.9.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Feb 13 2015 Athmane Madjoudj 2.9.0-2
+- Remove curl version dep. since it no longer required
+
+* Fri Feb 13 2015 Athmane Madjoudj 2.9.0-1
+- Update to 2.9.0
+- Remove backported patch
+- Add patch to fix lua 5.3 build issue (PR #837)
+
+* Tue Nov 04 2014 Athmane Madjoudj 2.8.0-7
+- Make sure mod_security is built with correct curl version
+
+* Mon Nov 03 2014 Athmane Madjoudj 2.8.0-6
+- Changes the default SSL version to TLS 1.2 since SSLv3 is vulnerable to poodle
+
+* Sun Aug 17 2014 Fedora Release Engineering - 2.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Aug 15 2014 Athmane Madjoudj 2.8.0-4
+- Add support for user-provided configurations and rules (rhbz #1129843)
+
+* Sat Jun 07 2014 Fedora Release Engineering - 2.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Apr 16 2014 Athmane Madjoudj 2.8.0-1
+- Update to 2.8.0 Final
+
+* Thu Apr 03 2014 Athmane Madjoudj 2.8.0-0.rc1
+- Update to 2.8.0-RC1
+
+* Tue Mar 04 2014 Athmane Madjoudj 2.7.7-6
+- Fix status code in the configuration file (upstream PR #666)
+
+* Sat Mar 01 2014 Athmane Madjoudj 2.7.7-5
+- Fix rpmlint warnings
+
+* Thu Feb 27 2014 Athmane Madjoudj 2.7.7-4
+- Add check section
+
+* Sat Feb 22 2014 Athmane Madjoudj 2.7.7-3
+- Fix bogus date in chanelog
+
+* Thu Jan 23 2014 Joe Orton - 2.7.7-2
+- fix _httpd_mmn expansion in absence of httpd-devel
+
+* Thu Dec 19 2013 Athmane Madjoudj 2.7.7-1
+- Update to 2.7.7
+- Fix the spec file since upstream fixed the bugs reported.
+
+* Tue Dec 17 2013 Athmane Madjoudj 2.7.6-2
+- Add autotools deps
+
+* Tue Dec 17 2013 Athmane Madjoudj 2.7.6-1
+- Update to 2.7.6
+- Fix spec since upstream will only provide tarball via Github
+
+* Sat Aug 03 2013 Petr Pisar - 2.7.5-2
+- Perl 5.18 rebuild
+
+* Tue Jul 30 2013 Athmane Madjoudj 2.7.5-1
+- Update to 2.7.5
+
+* Thu Jul 18 2013 Petr Pisar - 2.7.4-2
+- Perl 5.18 rebuild
+
+* Tue May 28 2013 Athmane Madjoudj 2.7.4-1
+- Update to 2.7.4
+- Drop non required patch
+
+* Tue May 28 2013 Athmane Madjoudj 2.7.3-2
+- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
+- Fix a possible memory leak.
+
+* Sat Mar 30 2013 Athmane Madjoudj 2.7.3-1
+- Update to 2.7.3
+
+* Fri Jan 25 2013 Athmane Madjoudj 2.7.2-1
+- Update to 2.7.2
+- Update source url in the spec.
+
+* Thu Nov 22 2012 Athmane Madjoudj 2.7.1-5
+- Use conditional for loading mod_unique_id (rhbz #879264)
+- Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2)
+
+* Mon Nov 19 2012 Peter Vrabec 2.7.1-4
+- mlogc subpackage is not provided on RHEL7
+
+* Thu Nov 15 2012 Athmane Madjoudj 2.7.1-3
+- Add some missing directives RHBZ #569360
+- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
+ (RHBZ #867424, #867773, #867774)
+
+* Thu Nov 15 2012 Athmane Madjoudj 2.7.1-2
+- Fix mod_security.conf
+
+* Thu Nov 15 2012 Athmane Madjoudj 2.7.1-1
+- Update to 2.7.1
+- Remove libxml2 build patch (upstreamed)
+- Update spec since upstream moved to github
+
+* Thu Oct 18 2012 Athmane Madjoudj 2.7.0-2
+- Add a patch to fix failed build against libxml2 >= 2.9.0
+
+* Wed Oct 17 2012 Athmane Madjoudj 2.7.0-1
+- Update to 2.7.0
+
+* Fri Sep 28 2012 Athmane Madjoudj 2.6.8-1
+- Update to 2.6.8
+
+* Wed Sep 12 2012 Athmane Madjoudj 2.6.7-2
+- Re-add mlogc sub-package for epel (#856525)
+
+* Sat Aug 25 2012 Athmane Madjoudj 2.6.7-1
+- Update to 2.6.7
+
+* Sat Aug 25 2012 Athmane Madjoudj 2.6.7-1
+- Update to 2.6.7
+
+* Fri Jul 20 2012 Fedora Release Engineering - 2.6.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jun 22 2012 Peter Vrabec - 2.6.6-2
+- mlogc subpackage is not provided on RHEL
+
+* Thu Jun 21 2012 Peter Vrabec - 2.6.6-1
+- upgrade
+
+* Mon May 7 2012 Joe Orton - 2.6.5-3
+- packaging fixes
+
+* Fri Apr 27 2012 Peter Vrabec 2.6.5-2
+- fix license tag
+
+* Thu Apr 05 2012 Peter Vrabec 2.6.5-1
+- upgrade & move rules into new package mod_security_crs
+
+* Fri Feb 10 2012 Petr Pisar - 2.5.13-3
+- Rebuild against PCRE 8.30
+- Do not install non-existing files
+
+* Fri Jan 13 2012 Fedora Release Engineering - 2.5.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue May 3 2011 Michael Fleming - 2.5.13-1
+- Newer upstream version
+
+* Wed Jun 30 2010 Michael Fleming - 2.5.12-3
+- Fix log dirs and files ordering per bz#569360
+
+* Thu Apr 29 2010 Michael Fleming - 2.5.12-2
+- Fix SecDatadir and minimal config per bz #569360
+
+* Sat Feb 13 2010 Michael Fleming - 2.5.12-1
+- Update to latest upstream release
+- SECURITY: Fix potential rules bypass and denial of service (bz#563576)
+
+* Fri Nov 6 2009 Michael Fleming - 2.5.10-2
+- Fix rules and Apache configuration (bz#533124)
+
+* Thu Oct 8 2009 Michael Fleming - 2.5.10-1
+- Upgrade to 2.5.10 (with Core Rules v2)
+
+* Sat Jul 25 2009 Fedora Release Engineering - 2.5.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Mar 12 2009 Michael Fleming 2.5.9-1
+- Update to upstream release 2.5.9
+- Fixes potential DoS' in multipart request and PDF XSS handling
+
+* Wed Feb 25 2009 Fedora Release Engineering - 2.5.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Dec 29 2008 Michael Fleming 2.5.7-1
+- Update to upstream 2.5.7
+- Reinstate mlogc
+
+* Sat Aug 2 2008 Michael Fleming 2.5.6-1
+- Update to upstream 2.5.6
+- Remove references to mlogc, it no longer ships in the main tarball.
+- Link correctly vs. libxml2 and lua (bz# 445839)
+- Remove bogus LoadFile directives as they're no longer needed.
+
+* Sun Apr 13 2008 Michael Fleming 2.1.7-1
+- Update to upstream 2.1.7
+
+* Sat Feb 23 2008 Michael Fleming 2.1.6-1
+- Update to upstream 2.1.6 (Extra features including SecUploadFileMode)
+
+* Tue Feb 19 2008 Fedora Release Engineering - 2.1.5-3
+- Autorebuild for GCC 4.3
+
+* Sun Jan 27 2008 Michael Fleming 2.1.5-2
+- Update to 2.1.5 (bz#425986)
+- "blocking" -> "optional_rules" per tarball ;-)
+
+
+* Thu Sep 13 2007 Michael Fleming 2.1.3-1
+- Update to 2.1.3
+- Update License tag per guidelines.
+
+* Mon Sep 3 2007 Joe Orton 2.1.1-3
+- rebuild for fixed 32-bit APR (#254241)
+
+* Wed Aug 29 2007 Fedora Release Engineering - 2.1.1-2
+- Rebuild for selinux ppc32 issue.
+
+* Tue Jun 19 2007 Michael Fleming 2.1.1-1
+- New upstream release
+- Drop ASCIIZ rule (fixed upstream)
+- Re-enable protocol violation/anomalies rules now that REQUEST_FILENAME
+ is fixed upstream.
+
+* Sun Apr 1 2007 Michael Fleming 2.1.0-3
+- Automagically configure correct library path for libxml2 library.
+- Add LoadModule for mod_unique_id as the logging wants this at runtime
+
+* Mon Mar 26 2007 Michael Fleming 2.1.0-2
+- Fix DSO permissions (bz#233733)
+
+* Tue Mar 13 2007 Michael Fleming 2.1.0-1
+- New major release - 2.1.0
+- Fix CVE-2007-1359 with a local rule courtesy of Ivan Ristic
+- Addition of core ruleset
+- (Build)Requires libxml2 and pcre added.
+
+* Sun Sep 3 2006 Michael Fleming 1.9.4-2
+- Rebuild
+- Fix minor longstanding braino in included sample configuration (bz #203972)
+
+* Mon May 15 2006 Michael Fleming 1.9.4-1
+- New upstream release
+
+* Tue Apr 11 2006 Michael Fleming 1.9.3-1
+- New upstream release
+- Trivial spec tweaks
+
+* Wed Mar 1 2006 Michael Fleming 1.9.2-3
+- Bump for FC5
+
+* Fri Feb 10 2006 Michael Fleming 1.9.2-2
+- Bump for newer gcc/glibc
+
+* Wed Jan 18 2006 Michael Fleming 1.9.2-1
+- New upstream release
+
+* Fri Dec 16 2005 Michael Fleming 1.9.1-2
+- Bump for new httpd
+
+* Thu Dec 1 2005 Michael Fleming 1.9.1-1
+- New release 1.9.1
+
+* Wed Nov 9 2005 Michael Fleming 1.9-1
+- New stable upstream release 1.9
+
+* Sat Jul 9 2005 Michael Fleming 1.8.7-4
+- Add Requires: httpd-mmn to get the appropriate "module magic" version
+ (thanks Ville Skytta)
+- Disabled an overly-agressive rule or two..
+
+* Sat Jul 9 2005 Michael Fleming 1.8.7-3
+- Correct Buildroot
+- Some sensible and safe rules for common apps in mod_security.conf
+
+* Thu May 19 2005 Michael Fleming 1.8.7-2
+- Don't strip the module (so we can get a useful debuginfo package)
+
+* Thu May 19 2005 Michael Fleming 1.8.7-1
+- Initial spin for Extras