I installed mod_security 2.0.3 on one of my Gentoo servers the other day. As version 2 is not yet in portage I took the usual shortcut and copied and renamed one of the old ebuilds in to my portage overlay directory. This approach was not as succesfull as I hoped and resulted in “undefined symbol: msc_alert”. The reason became obvious when comparing the 2.0.3 release to the 1.9.4. The 1.9.4 basicaly contains a singe file mod_security.c which is compiled and installed by portage. The 2.0.3 release has a whole bunch of source files that need to be compiled before linking the apache module. I have made a quick-n-dirty hack in order to address this which seems to work for me. The new ebuild is available here for anyone interested. The syntax of the 2 release has changed, which makes the old 99_mod_security.conf obsolete. I downloaded the core-rules package from here and changed the 99_mod_security.conf to load all rules found in one directory like this.
The above information comes with the usual disclaimer and with no warranty of any kind. It may or may not work for your purposes.