diff --git a/SOURCES/subversion-1.14.1-CVE-2022-24070.patch b/SOURCES/subversion-1.14.1-CVE-2022-24070.patch
new file mode 100644
index 0000000..e13af5e
--- /dev/null
+++ b/SOURCES/subversion-1.14.1-CVE-2022-24070.patch
@@ -0,0 +1,41 @@
+--- subversion-1.14.1/subversion/libsvn_repos/authz.c
++++ subversion-1.14.1/subversion/libsvn_repos/authz.c
+@@ -130,6 +130,30 @@
+ static svn_object_pool__t *filtered_pool = NULL;
+ static svn_atomic_t authz_pool_initialized = FALSE;
+ 
++/*
++ * Ensure that we will initialize authz again if the pool which
++ * our authz caches depend on is cleared.
++ *
++ * HTTPD may run pre/post config hooks multiple times and clear
++ * its global configuration pool which our authz pools depend on.
++ * This happens in a non-threaded context during HTTPD's intialization
++ * and HTTPD's main loop, so it is safe to reset static variables here.
++ * (And any applications which cleared this pool while SVN threads
++ * were running would crash no matter what.)
++ *
++ * See issue #4880, "Use-after-free of object-pools in
++ * subversion/libsvn_repos/authz.c when used as httpd module"
++ */
++static apr_status_t
++deinit_authz(void *data)
++{
++  /* The two object pools run their own cleanup handlers. */
++  authz_pool = NULL;
++  filtered_pool = NULL;
++  authz_pool_initialized = FALSE;
++  return APR_SUCCESS;
++}
++
+ /* Implements svn_atomic__err_init_func_t. */
+ static svn_error_t *
+ synchronized_authz_initialize(void *baton, apr_pool_t *pool)
+@@ -143,6 +167,7 @@
+   SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool));
+   SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool));
+ 
++  apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null);
+   return SVN_NO_ERROR;
+ }
+ 
diff --git a/SOURCES/subversion-1.14.1-fixjavatests.patch b/SOURCES/subversion-1.14.1-fixjavatests.patch
new file mode 100644
index 0000000..b7a79b0
--- /dev/null
+++ b/SOURCES/subversion-1.14.1-fixjavatests.patch
@@ -0,0 +1,30 @@
+
+See upstream dev@subversion thread.  Fixes intermittent failure of
+javahl tests, particularly reproducible on aarch64.
+
+Message-ID: <11de5f5c-5059-b973-95a1-385e7913a63a@syntevo.com>
+From: Alexandr Miloslavskiy
+
+--- subversion-1.14.1/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java.fixjavatests
++++ subversion-1.14.1/subversion/bindings/javahl/tests/org/apache/subversion/javahl/BasicTests.java
+@@ -4676,7 +4676,19 @@
+             // RuntimeException("Test exception") is expected here
+         }
+ 
+-        tunnelAgent.joinAndTest();
++        // In this test, there is a race condition that sometimes results in
++        // IOException when 'WAIT_TUNNEL' tries to read from a pipe that
++        // already has its read end closed. This is not an error, but
++        // it's hard to distinguish this case from other IOException which
++        // indicate a problem. To reproduce, simply wrap this test's body in
++        // a loop. The workaround is to ignore any detected IOException.
++        //
++        // tunnelAgent.joinAndTest();
++        try {
++            tunnelAgent.join();
++        } catch (InterruptedException e) {
++            e.printStackTrace ();
++        }
+     }
+ 
+     /**
diff --git a/SOURCES/subversion-1.14.1-testnoautoprops.patch b/SOURCES/subversion-1.14.1-testnoautoprops.patch
new file mode 100644
index 0000000..96dd59d
--- /dev/null
+++ b/SOURCES/subversion-1.14.1-testnoautoprops.patch
@@ -0,0 +1,14 @@
+
+Fix intermittent failures when "svn add" guesses a near-empty file is binary and hence
+the output is different.
+
+--- subversion-1.14.1/subversion/tests/cmdline/svntest/main.py.testnoautoprops
++++ subversion-1.14.1/subversion/tests/cmdline/svntest/main.py
+@@ -691,6 +691,7 @@
+ 
+ [miscellany]
+ interactive-conflicts = false
++enable-auto-props = no
+ """
+     if exclusive_wc_locks:
+       config_contents += """
diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec
index 6cbda6f..32871af 100644
--- a/SPECS/subversion.spec
+++ b/SPECS/subversion.spec
@@ -56,7 +56,7 @@
 Summary: A Modern Concurrent Version Control System
 Name: subversion
 Version: 1.14.1
-Release: 4.1%{?dist}
+Release: 5%{?dist}
 License: ASL 2.0
 URL: https://subversion.apache.org/
 Source0: https://downloads.apache.org/subversion/subversion-%{version}.tar.bz2
@@ -72,6 +72,11 @@ Patch2: subversion-1.14.0-testwarn.patch
 Patch3: subversion-1.14.0-soversion.patch
 Patch4: subversion-1.8.0-rubybind.patch
 Patch5: subversion-1.8.5-swigplWall.patch
+Patch6: subversion-1.14.1-testnoautoprops.patch            
+Patch7: subversion-1.14.1-fixjavatests.patch
+Patch8: subversion-1.14.1-CVE-2022-24070.patch
+
+
 BuildRequires: make
 BuildRequires: autoconf, libtool, texinfo, which, gcc, gcc-c++
 BuildRequires: swig >= 1.3.24, gettext
@@ -233,6 +238,9 @@ This package includes supplementary tools for use with Subversion.
 %patch3 -p1 -b .soversion
 %patch4 -p1 -b .rubybind
 %patch5 -p1 -b .swigplWall
+%patch6 -p1 -b .testnoautoprops            
+%patch7 -p1 -b .fixjavatests
+%patch8 -p1 -b .cve24070
 
 :
 : === Building:
@@ -578,6 +586,9 @@ make check-javahl
 %endif
 
 %changelog
+* Tue Apr 26 2022 Richard Lescak <rlescak@redhat.com> - 1.14.1-5
+- Fix for CVE-2022-24070 (#2076565)
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.14.1-4.1
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688