diff --git a/SOURCES/subversion-1.10.2-CVE-2020-17525.patch b/SOURCES/subversion-1.10.2-CVE-2020-17525.patch
new file mode 100644
index 0000000..82784bf
--- /dev/null
+++ b/SOURCES/subversion-1.10.2-CVE-2020-17525.patch
@@ -0,0 +1,17 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1922303
+https://github.com/apache/subversion/commit/c83d9e5db564bdbbd91a7eb1c9399f66f481361c
+
+--- a/subversion/libsvn_repos/config_file.c
++++ b/subversion/libsvn_repos/config_file.c
+@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
+ {
+ /* Search for a repository in the full path. */
+ repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
++ if (repos_root_dirent == NULL)
++ return svn_error_trace(handle_missing_file(stream, checksum, access,
++ url, must_exist,
++ svn_node_none));
+
+ /* Attempt to open a repository at repos_root_dirent. */
+ SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,
diff --git a/SOURCES/subversion-1.10.2-CVE-2022-24070.patch b/SOURCES/subversion-1.10.2-CVE-2022-24070.patch
new file mode 100644
index 0000000..0d29883
--- /dev/null
+++ b/SOURCES/subversion-1.10.2-CVE-2022-24070.patch
@@ -0,0 +1,41 @@
+--- subversion-1.10.2/subversion/libsvn_repos/authz.c
++++ subversion-1.10.2/subversion/libsvn_repos/authz.c
+@@ -130,6 +130,30 @@
+ static svn_object_pool__t *filtered_pool = NULL;
+ static svn_atomic_t authz_pool_initialized = FALSE;
+
++/*
++ * Ensure that we will initialize authz again if the pool which
++ * our authz caches depend on is cleared.
++ *
++ * HTTPD may run pre/post config hooks multiple times and clear
++ * its global configuration pool which our authz pools depend on.
++ * This happens in a non-threaded context during HTTPD's intialization
++ * and HTTPD's main loop, so it is safe to reset static variables here.
++ * (And any applications which cleared this pool while SVN threads
++ * were running would crash no matter what.)
++ *
++ * See issue #4880, "Use-after-free of object-pools in
++ * subversion/libsvn_repos/authz.c when used as httpd module"
++ */
++static apr_status_t
++deinit_authz(void *data)
++{
++ /* The two object pools run their own cleanup handlers. */
++ authz_pool = NULL;
++ filtered_pool = NULL;
++ authz_pool_initialized = FALSE;
++ return APR_SUCCESS;
++}
++
+ /* Implements svn_atomic__err_init_func_t. */
+ static svn_error_t *
+ synchronized_authz_initialize(void *baton, apr_pool_t *pool)
+@@ -143,6 +167,7 @@
+ SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool));
+ SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool));
+
++ apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null);
+ return SVN_NO_ERROR;
+ }
+
diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec
index 1c2e656..47bd86e 100644
--- a/SPECS/subversion.spec
+++ b/SPECS/subversion.spec
@@ -37,7 +37,7 @@
Summary: A Modern Concurrent Version Control System
Name: subversion
Version: 1.10.2
-Release: 3%{?dist}
+Release: 5%{?dist}
License: ASL 2.0
Group: Development/Tools
URL: https://subversion.apache.org/
@@ -56,6 +56,9 @@ Patch4: subversion-1.8.0-rubybind.patch
Patch5: subversion-1.8.5-swigplWall.patch
Patch6: subversion-1.10.2-CVE-2019-0203.patch
Patch7: subversion-1.10.2-CVE-2018-11782.patch
+Patch8: subversion-1.10.2-CVE-2020-17525.patch
+Patch9: subversion-1.10.2-CVE-2022-24070.patch
+
BuildRequires: autoconf, libtool, texinfo, which
BuildRequires: swig >= 1.3.24, gettext
%if %{with bdb}
@@ -224,6 +227,8 @@ This package includes supplementary tools for use with Subversion.
%patch5 -p1 -b .swigplWall
%patch6 -p1 -b .cve0203
%patch7 -p1 -b .cve11782
+%patch8 -p1 -b .cve17525
+%patch9 -p1 -b .cve24070
%build
# Regenerate the buildsystem, so that:
@@ -546,6 +551,12 @@ make check-javahl
%endif
%changelog
+* Wed May 04 2022 Richard Lescak <rlescak@gmail.com> - 1.10.2-5
+- add security fix for CVE-2022-24070
+
+* Wed Feb 10 2021 Joe Orton <jorton@redhat.com> - 1.10.2-4
+- add security fix for CVE-2020-17525
+
* Mon May 18 2020 Joe Orton <jorton@redhat.com> - 1.10.2-3
- add security fix for CVE-2018-11782