diff --git a/apache2.changes b/apache2.changes
index c652e78..016646a 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jul 20 13:35:21 UTC 2015 - kstreitova@suse.com
+
+- update to 2.4.16
+ * changes http://www.apache.org/dist/httpd/CHANGES_2.4.16
+ * remove the following patches (fixed in 2.4.16)
+ * httpd-2.4.x-mod_lua_websocket_DoS.patch
+ * httpd-2.4.12-CVE-2015-0253.patch
+ * update httpd-2.4.12-lua-5.2.patch
+
 -------------------------------------------------------------------
 Sat Jul 18 03:50:24 UTC 2015 - i@marguerite.su
 
diff --git a/apache2.spec b/apache2.spec
index dd91ad0..f6f3265 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -50,7 +50,7 @@
 %define mods_static unixd
 %endif
 Name: apache2
-Version: 2.4.12
+Version: 2.4.16
 Release: 0
 Summary: The Apache Web Server Version 2.4
 License: Apache-2.0
@@ -120,9 +120,6 @@ Patch70: httpd-implicit-pointer-decl.patch
 # PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
 Patch109: httpd-2.4.3-mod_systemd.patch
 Patch111: httpd-visibility.patch
-# PATCH-FIX-UPSTREAM bnc#918352 kstreitova@suse.com -- fix mod_lua - maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash
-Patch112: httpd-2.4.x-mod_lua_websocket_DoS.patch
-Patch113: httpd-2.4.12-CVE-2015-0253.patch
 # PATCH-FIX-UPSTREAM marguerite@opensuse.org -- compability for lua 5.2+
 Patch114: httpd-2.4.12-lua-5.2.patch
 BuildRequires: automake
@@ -306,8 +303,6 @@ to administrators of web servers in general.
 %patch109 -p1
 %endif
 %patch111 -p1
-%patch112 -p1
-%patch113 -p3
 %patch114 -p1
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 # install READMEs
diff --git a/httpd-2.4.12-CVE-2015-0253.patch b/httpd-2.4.12-CVE-2015-0253.patch
deleted file mode 100644
index 388b2ed..0000000
--- a/httpd-2.4.12-CVE-2015-0253.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-SECURITY: CVE-2015-0253 (cve.mitre.org)
-core: Fix a crash introduced in with ErrorDocument 400 pointing
-to a local URL-path with the INCLUDES filter active, introduced
-in 2.4.11. PR 57531. [Yann Ylavic]
---- httpd/httpd/trunk/server/protocol.c 2015/03/05 02:31:42 1664204
-+++ httpd/httpd/trunk/server/protocol.c 2015/03/05 02:33:16 1664205
-@@ -606,8 +606,6 @@
- */
- if (APR_STATUS_IS_ENOSPC(rv)) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
-- r->proto_num = HTTP_VERSION(1,0);
-- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- }
- else if (APR_STATUS_IS_TIMEUP(rv)) {
- r->status = HTTP_REQUEST_TIME_OUT;
-@@ -615,6 +613,8 @@
- else if (APR_STATUS_IS_EINVAL(rv)) {
- r->status = HTTP_BAD_REQUEST;
- }
-+ r->proto_num = HTTP_VERSION(1,0);
-+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
- } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
diff --git a/httpd-2.4.12-lua-5.2.patch b/httpd-2.4.12-lua-5.2.patch
index f26026c..3867c33 100644
--- a/httpd-2.4.12-lua-5.2.patch
+++ b/httpd-2.4.12-lua-5.2.patch
@@ -1,29 +1,23 @@ -Index: httpd-2.4.12/modules/lua/mod_lua.c +Index: httpd-2.4.16/modules/lua/mod_lua.c =================================================================== ---- httpd-2.4.12.orig/modules/lua/mod_lua.c -+++ httpd-2.4.12/modules/lua/mod_lua.c -@@ -1072,9 +1072,17 @@ static const char *register_named_block_ - else { - luaL_Buffer b; - luaL_buffinit(lvm, &b); -+#if LUA_VERSION_NUM < 503 +--- httpd-2.4.16.orig/modules/lua/mod_lua.c ++++ httpd-2.4.16/modules/lua/mod_lua.c +@@ -1078,7 +1078,11 @@ static const char *register_named_block_ lua_dump(lvm, ldump_writer, &b); -+#else -+ lua_dump(lvm, ldump_writer, &b, 0); -+#endif + #endif luaL_pushresult(&b); +#if LUA_VERSION_NUM < 502 spec->bytecode_len = lua_strlen(lvm, -1); +#else -+ spec->bytecode_len = lua_rawlen(lvm, -1); ++ spec->bytecode_len = lua_rawlen(lvm, -1); +#endif spec->bytecode = apr_pstrmemdup(cmd->pool, lua_tostring(lvm, -1), spec->bytecode_len); lua_close(lvm); -Index: httpd-2.4.12/modules/lua/lua_apr.c +Index: httpd-2.4.16/modules/lua/lua_apr.c =================================================================== ---- httpd-2.4.12.orig/modules/lua/lua_apr.c -+++ httpd-2.4.12/modules/lua/lua_apr.c +--- httpd-2.4.16.orig/modules/lua/lua_apr.c ++++ httpd-2.4.16/modules/lua/lua_apr.c @@ -82,7 +82,11 @@ static const luaL_Reg lua_table_methods[ int ap_lua_init(lua_State *L, apr_pool_t *p) { @@ -36,10 +30,10 @@ Index: httpd-2.4.12/modules/lua/lua_apr.c lua_pushstring(L, "__index"); lua_pushstring(L, "get"); lua_gettable(L, 2); -Index: httpd-2.4.12/modules/lua/lua_config.c +Index: httpd-2.4.16/modules/lua/lua_config.c =================================================================== ---- httpd-2.4.12.orig/modules/lua/lua_config.c -+++ httpd-2.4.12/modules/lua/lua_config.c +--- httpd-2.4.16.orig/modules/lua/lua_config.c ++++ httpd-2.4.16/modules/lua/lua_config.c @@ -263,13 +263,20 @@ void ap_lua_load_config_lmodule(lua_Stat lua_pushvalue(L, -1); 
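Review bot: The refreshed patch still begins directly at `Index:` (first hunk, `@@ -1,29 +1,23 @@`), so it carries no description and no upstream reference. This refresh drops the `LUA_VERSION_NUM < 503` branch around `lua_dump`, apparently because 2.4.16 already contains it (the new context lines show `lua_dump(lvm, ldump_writer, &b);` followed by `#endif`). A header would let the next refresh tell which remaining pieces, such as the `lua_strlen`/`lua_rawlen` guard, are still downstream-only. I would add a short header above the first `Index:` line, for example `Lua 5.2+ API compatibility for mod_lua; upstream status: <upstream revision or bug id>`.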
@@ -62,10 +56,10 @@ Index: httpd-2.4.12/modules/lua/lua_config.c +#endif } -Index: httpd-2.4.12/modules/lua/lua_request.c +Index: httpd-2.4.16/modules/lua/lua_request.c =================================================================== ---- httpd-2.4.12.orig/modules/lua/lua_request.c -+++ httpd-2.4.12/modules/lua/lua_request.c +--- httpd-2.4.16.orig/modules/lua/lua_request.c ++++ httpd-2.4.16/modules/lua/lua_request.c @@ -149,7 +149,11 @@ static int req_aprtable2luatable_cb(void } case LUA_TTABLE:{ @@ -126,7 +120,7 @@ Index: httpd-2.4.12/modules/lua/lua_request.c lua_pop(L, 1); /* secure */ -@@ -2878,7 +2886,11 @@ void ap_lua_load_request_lmodule(lua_Sta +@@ -2889,7 +2897,11 @@ void ap_lua_load_request_lmodule(lua_Sta lua_pushvalue(L, -1); lua_setfield(L, -2, "__index"); @@ -138,7 +132,7 @@ Index: httpd-2.4.12/modules/lua/lua_request.c lua_pop(L, 2); -@@ -2886,7 +2898,11 @@ void ap_lua_load_request_lmodule(lua_Sta +@@ -2897,7 +2909,11 @@ void ap_lua_load_request_lmodule(lua_Sta lua_pushvalue(L, -1); lua_setfield(L, -2, "__index"); @@ -150,7 +144,7 @@ Index: httpd-2.4.12/modules/lua/lua_request.c lua_pop(L, 2); -@@ -2894,7 +2910,11 @@ void ap_lua_load_request_lmodule(lua_Sta +@@ -2905,7 +2921,11 @@ void ap_lua_load_request_lmodule(lua_Sta lua_pushvalue(L, -1); lua_setfield(L, -2, "__index"); diff --git a/httpd-2.4.12.tar.bz2 b/httpd-2.4.12.tar.bz2 deleted file mode 100644 index e20e6df..0000000 --- a/httpd-2.4.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4 -size 5054838 diff --git a/httpd-2.4.16.tar.bz2 b/httpd-2.4.16.tar.bz2 new file mode 100644 index 0000000..6c5b4e1 --- /dev/null +++ b/httpd-2.4.16.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743 +size 5101005 
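Review bot: The added `httpd-2.4.16.tar.bz2` pointer records only the `oid sha256:` digest of whatever file was uploaded, and nothing in the visible diff adds the upstream detached signature or a keyring to check that tarball against; they may exist outside this view. Because this update also drops the two downstream CVE patches on the basis that the new tarball contains the fixes, the tarball's provenance is what now carries those fixes. I would add the upstream `.asc` file next to the tarball and verify it during the build, or at least state in `apache2.changes` that the digest was compared with the one upstream publishes.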
diff --git a/httpd-2.4.x-mod_lua_websocket_DoS.patch b/httpd-2.4.x-mod_lua_websocket_DoS.patch
deleted file mode 100644
index 4dc329f..0000000
--- a/httpd-2.4.x-mod_lua_websocket_DoS.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef Mon Sep 17 00:00:00 2001
-From: Eric Covener
-Date: Wed, 4 Feb 2015 14:44:23 +0000
-Subject: [PATCH] *) SECURITY: CVE-2015-0228 (cve.mitre.org) mod_lua: A
- maliciously crafted websockets PING after a script calls r:wsupgrade()
- can cause a child process crash. [Edward Lu ]
-
-Discovered by Guido Vranken
-
-Submitted by: Edward Lu
-Committed by: covener
-
-
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1657261 13f79535-47bb-0310-9956-ffa450edef68
----
-diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
-index dded599..1200c55 100644
---- a/modules/lua/lua_request.c
-+++ b/modules/lua/lua_request.c
-@@ -2227,6 +2227,7 @@ static int lua_websocket_read(lua_State *L)
- {
- apr_socket_t *sock;
- apr_status_t rv;
-+ int do_read = 1;
- int n = 0;
- apr_size_t len = 1;
- apr_size_t plen = 0;
-@@ -2244,6 +2245,8 @@ static int lua_websocket_read(lua_State *L)
- mask_bytes = apr_pcalloc(r->pool, 4);
- sock = ap_get_conn_socket(r->connection);
-
-+ while (do_read) {
-+ do_read = 0;
- /* Get opcode and FIN bit */
- if (plaintext) {
- rv = apr_socket_recv(sock, &byte, &len);
-@@ -2377,10 +2380,11 @@ static int lua_websocket_read(lua_State *L)
- frame[0] = 0x8A;
- frame[1] = 0;
- apr_socket_send(sock, frame, &plen); /* Pong! */
-- lua_websocket_read(L); /* read the next frame instead */
-+ do_read = 1;
- }
- }
- }
-+ }
- return 0;
- }
-