Fixes the following security issues:
- CVE-2021-28544: SVN authz protected copyfrom paths regression
Subversion servers reveal 'copyfrom' paths that should be hidden according
to configured path-based authorization (authz) rules. When a node has
been copied from a protected location, users with access to the copy can
see the `copyfrom' path of the original. This also reveals the fact that
the node was copied. Only the 'copyfrom' path is revealed; not its
contents. Both httpd and svnserve servers are vulnerable.
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
- CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption
While looking up path-based authorization rules, mod_dav_svn servers may
attempt to use memory which has already been freed.
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
Drop no longer needed patch and autoreconf, as this is now fixed upstream:
https://svn.apache.org/viewvc?view=revision&revision=1881534
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89e51bc625)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4dfd34f9f6