!65 fix CVE-2024-46901

From: @fly_fzc 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

backport-CVE-2024-45720.patch

@@ -0,0 +1,805 @@
+From df2748f7e2a973c67b0dd338bbe27d2d92a55130 Mon Sep 17 00:00:00 2001
+From: Stefan Sperling <stsp@apache.org>
+Date: Tue, 8 Oct 2024 09:16:50 +0000
+Subject: [PATCH] Committing the fix for CVE-2024-45720 to trunk.
+
+(detailed log message remains to be filled in here)
+
+Patch by: kotkov, jun66j5
+
+
+git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1921181 13f79535-47bb-0310-9956-ffa450edef68
+---
+ build.conf                                    |  4 +-
+ .../include/private/svn_cmdline_private.h     | 28 +++++++++
+ subversion/libsvn_subr/cmdline.c              | 57 +++++++++++++++++++
+ subversion/svn/svn.c                          | 10 +++-
+ subversion/svnadmin/svnadmin.c                | 10 +++-
+ subversion/svnbench/svnbench.c                | 10 +++-
+ subversion/svndumpfilter/svndumpfilter.c      | 10 +++-
+ subversion/svnfsfs/svnfsfs.c                  | 10 +++-
+ subversion/svnlook/svnlook.c                  | 10 +++-
+ subversion/svnmucc/svnmucc.c                  | 10 +++-
+ subversion/svnrdump/svnrdump.c                | 10 +++-
+ subversion/svnserve/svnserve.c                | 11 +++-
+ subversion/svnsync/svnsync.c                  | 10 +++-
+ subversion/svnversion/svnversion.c            | 10 +++-
+ .../svn-mergeinfo-normalizer.c                | 10 +++-
+ tools/client-side/svnconflict/svnconflict.c   | 10 +++-
+ .../svnraisetreeconflict.c                    | 10 +++-
+ tools/dev/wc-ng/svn-wc-db-tester.c            | 10 +++-
+ tools/server-side/svnauthz.c                  | 12 +++-
+ 19 files changed, 217 insertions(+), 35 deletions(-)
+
+diff --git a/build.conf b/build.conf
+index 1402000743..3dbb8db50b 100644
+--- a/build.conf
++++ b/build.conf
+@@ -150,7 +150,7 @@ libs = libsvn_client libsvn_wc libsvn_ra libsvn_delta libsvn_diff libsvn_subr
+        apriconv apr
+ manpages = subversion/svn/svn.1
+ install = bin
+-msvc-libs = setargv.obj
++msvc-libs = wsetargv.obj
+ 
+ # The subversion repository administration tool
+ [svnadmin]
+@@ -160,7 +160,7 @@ path = subversion/svnadmin
+ install = bin
+ manpages = subversion/svnadmin/svnadmin.1
+ libs = libsvn_repos libsvn_fs libsvn_delta libsvn_subr apriconv apr
+-msvc-libs = setargv.obj
++msvc-libs = wsetargv.obj
+ 
+ # The subversion repository dump filtering tool
+ [svndumpfilter]
+diff --git a/subversion/include/private/svn_cmdline_private.h b/subversion/include/private/svn_cmdline_private.h
+index ac5fb7b079..aa8bb7bcca 100644
+--- a/subversion/include/private/svn_cmdline_private.h
++++ b/subversion/include/private/svn_cmdline_private.h
+@@ -278,6 +278,34 @@ svn_cmdline__stdin_readline(const char **result,
+                             apr_pool_t *result_pool,
+                             apr_pool_t *scratch_pool);
+ 
++#if defined(WIN32)
++/* Normalizes Windows-specific command line arguments, such as those passed
++   to wmain(), to the environment-specific code page. */
++svn_error_t *
++svn_cmdline__win32_get_cstring_argv(const char **cstring_argv_p[],
++                                    int argc,
++                                    const wchar_t *argv[],
++                                    apr_pool_t *result_pool);
++#endif
++
++/* Default platform-agnostic handler that normalizes command line arguments
++   to the environment-specific code page. */
++svn_error_t *
++svn_cmdline__default_get_cstring_argv(const char **cstring_argv_p[],
++                                      int argc,
++                                      const char *argv[],
++                                      apr_pool_t *result_pool);
++
++#if defined(WIN32) && defined(_MSC_VER)
++typedef wchar_t svn_cmdline__argv_char_t;
++#define SVN_CMDLINE__MAIN wmain
++#define svn_cmdline__get_cstring_argv svn_cmdline__win32_get_cstring_argv
++#else
++typedef char svn_cmdline__argv_char_t;
++#define SVN_CMDLINE__MAIN main
++#define svn_cmdline__get_cstring_argv svn_cmdline__default_get_cstring_argv
++#endif
++
+ #ifdef __cplusplus
+ }
+ #endif /* __cplusplus */
+diff --git a/subversion/libsvn_subr/cmdline.c b/subversion/libsvn_subr/cmdline.c
+index 6bfc68b3b5..307f0bb865 100644
+--- a/subversion/libsvn_subr/cmdline.c
++++ b/subversion/libsvn_subr/cmdline.c
+@@ -1898,3 +1898,60 @@ svn_cmdline__cancellation_exit(void)
+ #endif
+     }
+ }
++
++#if defined(WIN32)
++
++svn_error_t *
++svn_cmdline__win32_get_cstring_argv(const char **cstring_argv_p[],
++                                    int argc,
++                                    const wchar_t *argv[],
++                                    apr_pool_t *result_pool)
++{
++  apr_array_header_t *cstring_argv;
++  int i;
++
++  cstring_argv = apr_array_make(result_pool, argc + 1, sizeof(const char *));
++
++  for (i = 0; i < argc; i++)
++    {
++      const wchar_t *arg = argv[i];
++      char *cstring_arg;
++      int rv;
++
++      /* Passing -1 for the string length guarantees that the returned length
++         will account for a terminating null character. */
++      rv = WideCharToMultiByte(CP_ACP, 0, arg, -1, NULL, 0, NULL, NULL);
++      if (rv <= 0)
++        {
++          return svn_error_wrap_apr(apr_get_os_error(),
++                                    _("Conversion from UTF-16 failed"));
++        }
++
++      cstring_arg = apr_palloc(result_pool, rv);
++      rv = WideCharToMultiByte(CP_ACP, 0, arg, -1, cstring_arg, rv, NULL, NULL);
++      if (rv <= 0)
++        {
++          return svn_error_wrap_apr(apr_get_os_error(),
++                                    _("Conversion from UTF-16 failed"));
++        }
++
++      APR_ARRAY_PUSH(cstring_argv, const char *) = cstring_arg;
++    }
++
++  APR_ARRAY_PUSH(cstring_argv, const char *) = NULL;
++
++  *cstring_argv_p = (const char **)cstring_argv->elts;
++  return SVN_NO_ERROR;
++}
++
++#endif
++
++svn_error_t *
++svn_cmdline__default_get_cstring_argv(const char **cstring_argv_p[],
++                                      int argc,
++                                      const char *argv[],
++                                      apr_pool_t *result_pool)
++{
++  *cstring_argv_p = argv;
++  return SVN_NO_ERROR;
++}
+diff --git a/subversion/svn/svn.c b/subversion/svn/svn.c
+index 79a4f3b0f9..46c6327aba 100644
+--- a/subversion/svn/svn.c
++++ b/subversion/svn/svn.c
+@@ -2200,7 +2200,10 @@ parse_compatible_version(svn_cl__opt_state_t* opt_state,
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   int opt_id;
+@@ -2226,12 +2229,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   apr_hash_t *cfg_hash;
+   svn_membuf_t buf;
+   svn_boolean_t read_pass_from_stdin = FALSE;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -3444,7 +3450,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnadmin/svnadmin.c b/subversion/svnadmin/svnadmin.c
+index 25650cb7db..d54d3925b6 100644
+--- a/subversion/svnadmin/svnadmin.c
++++ b/subversion/svnadmin/svnadmin.c
+@@ -3053,7 +3053,10 @@ subcommand_build_repcache(apr_getopt_t *os, void *baton, apr_pool_t *pool)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   apr_status_t apr_err;
+@@ -3065,12 +3068,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   apr_array_header_t *received_opts;
+   int i;
+   svn_boolean_t dash_F_arg = FALSE;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   /* Initialize the FS library. */
+   SVN_ERR(svn_fs_initialize(pool));
+ 
+@@ -3450,7 +3456,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnbench/svnbench.c b/subversion/svnbench/svnbench.c
+index 4326edbfa7..3be98eeac7 100644
+--- a/subversion/svnbench/svnbench.c
++++ b/subversion/svnbench/svnbench.c
+@@ -386,7 +386,10 @@ add_search_pattern_group(svn_cl__opt_state_t *opt_state,
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   int opt_id;
+@@ -405,6 +408,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   ra_progress_baton_t ra_progress_baton = {0};
+   svn_membuf_t buf;
+   svn_boolean_t read_pass_from_stdin = FALSE;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+@@ -414,6 +418,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -979,7 +985,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svndumpfilter/svndumpfilter.c b/subversion/svndumpfilter/svndumpfilter.c
+index a948b3a4ce..272303be3c 100644
+--- a/subversion/svndumpfilter/svndumpfilter.c
++++ b/subversion/svndumpfilter/svndumpfilter.c
+@@ -1291,7 +1291,10 @@ subcommand_include(apr_getopt_t *os, void *baton, apr_pool_t *pool)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   apr_status_t apr_err;
+@@ -1302,10 +1305,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   int opt_id;
+   apr_array_header_t *received_opts;
+   int i;
++  const char **argv;
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Initialize the FS library. */
+@@ -1564,7 +1570,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnfsfs/svnfsfs.c b/subversion/svnfsfs/svnfsfs.c
+index 6fcb792cc5..1ff49fa9d2 100644
+--- a/subversion/svnfsfs/svnfsfs.c
++++ b/subversion/svnfsfs/svnfsfs.c
+@@ -228,7 +228,10 @@ subcommand__help(apr_getopt_t *os, void *baton, apr_pool_t *pool)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   apr_status_t apr_err;
+@@ -239,12 +242,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   int opt_id;
+   apr_array_header_t *received_opts;
+   int i;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   /* Initialize the FS library. */
+   SVN_ERR(svn_fs_initialize(pool));
+ 
+@@ -473,7 +479,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnlook/svnlook.c b/subversion/svnlook/svnlook.c
+index 59bd0f9c0a..3035783920 100644
+--- a/subversion/svnlook/svnlook.c
++++ b/subversion/svnlook/svnlook.c
+@@ -2466,7 +2466,10 @@ subcommand_uuid(apr_getopt_t *os, void *baton, apr_pool_t *pool)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   apr_status_t apr_err;
+@@ -2477,12 +2480,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   int opt_id;
+   apr_array_header_t *received_opts;
+   int i;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   /* Initialize the FS library. */
+   SVN_ERR(svn_fs_initialize(pool));
+ 
+@@ -2850,7 +2856,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnmucc/svnmucc.c b/subversion/svnmucc/svnmucc.c
+index c3e9d26ac5..3cf5dc38ea 100644
+--- a/subversion/svnmucc/svnmucc.c
++++ b/subversion/svnmucc/svnmucc.c
+@@ -467,7 +467,10 @@ log_message_func(const char **log_msg,
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   apr_array_header_t *actions = apr_array_make(pool, 1,
+                                                sizeof(struct action *));
+@@ -533,10 +536,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   struct log_message_baton lmb;
+   int i;
+   svn_boolean_t read_pass_from_stdin = FALSE;
++  const char **argv;
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   /* Initialize the RA library. */
+   SVN_ERR(svn_ra_initialize(pool));
+ 
+@@ -980,7 +986,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnrdump/svnrdump.c b/subversion/svnrdump/svnrdump.c
+index 500a5f9ea3..aa88b4f0af 100644
+--- a/subversion/svnrdump/svnrdump.c
++++ b/subversion/svnrdump/svnrdump.c
+@@ -784,7 +784,10 @@ validate_and_resolve_revisions(opt_baton_t *opt_baton,
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err = SVN_NO_ERROR;
+   const svn_opt_subcommand_desc3_t *subcommand = NULL;
+@@ -806,6 +809,9 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   apr_array_header_t *received_opts;
+   int i;
+   svn_boolean_t read_pass_from_stdin = FALSE;
++  const char **argv;
++
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+ 
+   opt_baton = apr_pcalloc(pool, sizeof(*opt_baton));
+   opt_baton->start_revision.kind = svn_opt_revision_unspecified;
+@@ -1155,7 +1161,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnserve/svnserve.c b/subversion/svnserve/svnserve.c
+index a69155fa74..1cdb751b30 100644
+--- a/subversion/svnserve/svnserve.c
++++ b/subversion/svnserve/svnserve.c
+@@ -721,7 +721,10 @@ check_lib_versions(void)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   enum run_mode run_mode = run_mode_unspecified;
+   svn_boolean_t foreground = FALSE;
+@@ -760,6 +763,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   svn_node_kind_t kind;
+   apr_size_t min_thread_count = THREADPOOL_MIN_SIZE;
+   apr_size_t max_thread_count = THREADPOOL_MAX_SIZE;
++  const char **argv;
++
+ #ifdef SVN_HAVE_SASL
+   SVN_ERR(cyrus_init(pool));
+ #endif
+@@ -767,6 +772,8 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   /* Initialize the FS library. */
+   SVN_ERR(svn_fs_initialize(pool));
+ 
+@@ -1422,7 +1429,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnsync/svnsync.c b/subversion/svnsync/svnsync.c
+index 7c1c0efbf7..12b1c989e1 100644
+--- a/subversion/svnsync/svnsync.c
++++ b/subversion/svnsync/svnsync.c
+@@ -1963,7 +1963,10 @@ help_cmd(apr_getopt_t *os, void *baton, apr_pool_t *pool)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   const svn_opt_subcommand_desc3_t *subcommand = NULL;
+   apr_array_header_t *received_opts;
+@@ -1978,10 +1981,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   apr_array_header_t *config_options = NULL;
+   const char *source_prop_encoding = NULL;
+   svn_boolean_t force_interactive = FALSE;
++  const char **argv;
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+   SVN_ERR(svn_ra_initialize(pool));
+ 
+   /* Initialize the option baton. */
+@@ -2402,7 +2408,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/subversion/svnversion/svnversion.c b/subversion/svnversion/svnversion.c
+index da65800467..111db531fd 100644
+--- a/subversion/svnversion/svnversion.c
++++ b/subversion/svnversion/svnversion.c
+@@ -124,7 +124,10 @@ check_lib_versions(void)
+  * program.  Obviously we don't want to have to run svn when building svn.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   const char *wc_path, *trail_url;
+   const char *local_abspath;
+@@ -146,10 +149,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+        N_("no progress (only errors) to stderr")},
+       {0,             0,  0,  0}
+     };
++  const char **argv;
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -289,7 +295,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c b/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
+index 529621bf7e..1973c6ea3d 100644
+--- a/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
++++ b/tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
+@@ -408,7 +408,10 @@ svn_min__check_cancel(void *baton)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   int opt_id;
+@@ -425,12 +428,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   svn_boolean_t force_interactive = FALSE;
+   apr_hash_t *cfg_hash;
+   svn_boolean_t read_pass_from_stdin = FALSE;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -946,7 +952,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/tools/client-side/svnconflict/svnconflict.c b/tools/client-side/svnconflict/svnconflict.c
+index 572e0f1c72..be934f23c4 100644
+--- a/tools/client-side/svnconflict/svnconflict.c
++++ b/tools/client-side/svnconflict/svnconflict.c
+@@ -632,7 +632,10 @@ svnconflict_resolve_tree(apr_getopt_t *os, void *baton, apr_pool_t *pool)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+   int opt_id;
+@@ -647,12 +650,15 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   svn_config_t *cfg_config;
+   apr_hash_t *cfg_hash;
+   svn_boolean_t read_pass_from_stdin = FALSE;
++  const char **argv;
+ 
+   received_opts = apr_array_make(pool, SVN_OPT_MAX_OPTIONS, sizeof(int));
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -949,7 +955,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c b/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c
+index a68b5d2d8e..784c9bd8e9 100644
+--- a/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c
++++ b/tools/dev/svnraisetreeconflict/svnraisetreeconflict.c
+@@ -302,7 +302,10 @@ check_lib_versions(void)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   apr_getopt_t *os;
+   const apr_getopt_option_t options[] =
+@@ -313,10 +316,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+       {0,             0,  0,  0}
+     };
+   apr_array_header_t *remaining_argv;
++  const char **argv;
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -383,7 +389,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/tools/dev/wc-ng/svn-wc-db-tester.c b/tools/dev/wc-ng/svn-wc-db-tester.c
+index ba63b63680..43cb6b0764 100644
+--- a/tools/dev/wc-ng/svn-wc-db-tester.c
++++ b/tools/dev/wc-ng/svn-wc-db-tester.c
+@@ -156,7 +156,10 @@ check_lib_versions(void)
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   apr_getopt_t *os;
+   const apr_getopt_option_t options[] =
+@@ -167,10 +170,13 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+       {0,             0,  0,  0}
+     };
+   apr_array_header_t *remaining_argv;
++  const char **argv;
+ 
+   /* Check library versions */
+   SVN_ERR(check_lib_versions());
+ 
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
++
+ #if defined(WIN32) || defined(__CYGWIN__)
+   /* Set the working copy administrative directory name. */
+   if (getenv("SVN_ASP_DOT_NET_HACK"))
+@@ -237,7 +243,7 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+diff --git a/tools/server-side/svnauthz.c b/tools/server-side/svnauthz.c
+index 310757ca46..94d28cc4be 100644
+--- a/tools/server-side/svnauthz.c
++++ b/tools/server-side/svnauthz.c
+@@ -490,7 +490,10 @@ canonicalize_access_file(const char **canonicalized_access_file,
+  * return SVN_NO_ERROR.
+  */
+ static svn_error_t *
+-sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
++sub_main(int *exit_code,
++         int argc,
++         const svn_cmdline__argv_char_t *cmdline_argv[],
++         apr_pool_t *pool)
+ {
+   svn_error_t *err;
+ 
+@@ -499,6 +502,9 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+   apr_getopt_t *os;
+   apr_array_header_t *received_opts;
+   int i;
++  const char **argv;
++
++  SVN_ERR(svn_cmdline__get_cstring_argv(&argv, argc, cmdline_argv, pool));
+ 
+   /* Initialize the FS library. */
+   SVN_ERR(svn_fs_initialize(pool));
+@@ -752,14 +758,14 @@ sub_main(int *exit_code, int argc, const char *argv[], apr_pool_t *pool)
+ }
+ 
+ int
+-main(int argc, const char *argv[])
++SVN_CMDLINE__MAIN(int argc, const svn_cmdline__argv_char_t *argv[])
+ {
+   apr_pool_t *pool;
+   int exit_code = EXIT_SUCCESS;
+   svn_error_t *err;
+ 
+   /* Initialize the app.  Send all error messages to 'stderr'.  */
+-  if (svn_cmdline_init(argv[0], stderr) != EXIT_SUCCESS)
++  if (svn_cmdline_init("svnauthz", stderr) != EXIT_SUCCESS)
+     return EXIT_FAILURE;
+ 
+   pool = svn_pool_create(NULL);
+-- 
+2.33.0
+

backport-CVE-2024-46901.patch

@@ -0,0 +1,239 @@
+From 953982c839d91366b9591f00a5d1e5abb431c9bd Mon Sep 17 00:00:00 2001
+From: Daniel Sahlberg <dsahlberg@apache.org>
+Date: Sun, 8 Dec 2024 23:49:59 +0000
+Subject: [PATCH] Commit the patches for CVE-2024-46901
+
+TODO: Pls help me update the log message
+
+
+git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1922383 13f79535-47bb-0310-9956-ffa450edef68
+---
+ .../include/private/svn_repos_private.h       |  8 +++
+ subversion/libsvn_repos/commit.c              |  3 +-
+ subversion/libsvn_repos/repos.c               | 10 +++
+ subversion/mod_dav_svn/lock.c                 |  7 +++
+ subversion/mod_dav_svn/repos.c                | 30 +++++++++
+ subversion/tests/cmdline/mod_dav_svn_tests.py | 62 +++++++++++++++++++
+ 6 files changed, 118 insertions(+), 2 deletions(-)
+
+diff --git a/subversion/include/private/svn_repos_private.h b/subversion/include/private/svn_repos_private.h
+index 5faaab6485..f80100ac56 100644
+--- a/subversion/include/private/svn_repos_private.h
++++ b/subversion/include/private/svn_repos_private.h
+@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_t **editor,
+                            const char *update_anchor_relpath,
+                            apr_pool_t *pool);
+ 
++/* Validate that the given PATH is a valid pathname that can be stored in
++ * a Subversion repository, according to the name constraints used by the
++ * svn_repos_* layer.
++ */
++svn_error_t *
++svn_repos__validate_new_path(const char *path,
++                             apr_pool_t *scratch_pool);
++
+ #ifdef __cplusplus
+ }
+ #endif /* __cplusplus */
+diff --git a/subversion/libsvn_repos/commit.c b/subversion/libsvn_repos/commit.c
+index dca8887a93..486dedd092 100644
+--- a/subversion/libsvn_repos/commit.c
++++ b/subversion/libsvn_repos/commit.c
+@@ -308,8 +308,7 @@ add_file_or_directory(const char *path,
+   svn_boolean_t was_copied = FALSE;
+   const char *full_path, *canonicalized_path;
+ 
+-  /* Reject paths which contain control characters (related to issue #4340). */
+-  SVN_ERR(svn_path_check_valid(path, pool));
++  SVN_ERR(svn_repos__validate_new_path(path, pool));
+ 
+   SVN_ERR(svn_relpath_canonicalize_safe(&canonicalized_path, NULL, path,
+                                         pool, pool));
+diff --git a/subversion/libsvn_repos/repos.c b/subversion/libsvn_repos/repos.c
+index 2c2267674e..1c9d8dc660 100644
+--- a/subversion/libsvn_repos/repos.c
++++ b/subversion/libsvn_repos/repos.c
+@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type,
+                      svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool),
+                      pool);
+ }
++
++svn_error_t *
++svn_repos__validate_new_path(const char *path,
++                             apr_pool_t *scratch_pool)
++{
++  /* Reject paths which contain control characters (related to issue #4340). */
++  SVN_ERR(svn_path_check_valid(path, scratch_pool));
++
++  return SVN_NO_ERROR;
++}
+diff --git a/subversion/mod_dav_svn/lock.c b/subversion/mod_dav_svn/lock.c
+index 7e9c94b64d..d2a6aa9021 100644
+--- a/subversion/mod_dav_svn/lock.c
++++ b/subversion/mod_dav_svn/lock.c
+@@ -36,6 +36,7 @@
+ #include "svn_pools.h"
+ #include "svn_props.h"
+ #include "private/svn_log.h"
++#include "private/svn_repos_private.h"
+ 
+ #include "dav_svn.h"
+ 
+@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb,
+ 
+       /* Commit a 0-byte file: */
+ 
++      if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                               resource->pool)))
++        return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                    "Request specifies an invalid path.",
++                                    resource->pool);
++
+       if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool)))
+         return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
+                                     "Could not determine youngest revision",
+diff --git a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c
+index 4eec268f9a..d39b6c7d14 100644
+--- a/subversion/mod_dav_svn/repos.c
++++ b/subversion/mod_dav_svn/repos.c
+@@ -2928,6 +2928,16 @@ open_stream(const dav_resource *resource,
+ 
+   if (kind == svn_node_none) /* No existing file. */
+     {
++      serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                          resource->pool);
++
++      if (serr != NULL)
++        {
++          return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                      "Request specifies an invalid path.",
++                                      resource->pool);
++        }
++
+       serr = svn_fs_make_file(resource->info->root.root,
+                               resource->info->repos_path,
+                               resource->pool);
+@@ -4120,6 +4130,14 @@ create_collection(dav_resource *resource)
+         return err;
+     }
+ 
++  if ((serr = svn_repos__validate_new_path(resource->info->repos_path,
++                                           resource->pool)) != NULL)
++    {
++      return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                  "Request specifies an invalid path.",
++                                  resource->pool);
++    }
++
+   if ((serr = svn_fs_make_dir(resource->info->root.root,
+                               resource->info->repos_path,
+                               resource->pool)) != NULL)
+@@ -4194,6 +4212,12 @@ copy_resource(const dav_resource *src,
+         return err;
+     }
+ 
++  serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
++  if (serr)
++    return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                "Request specifies an invalid path.",
++                                dst->pool);
++
+   src_repos_path = svn_repos_path(src->info->repos->repos, src->pool);
+   dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool);
+ 
+@@ -4430,6 +4454,12 @@ move_resource(dav_resource *src,
+   if (err)
+     return err;
+ 
++  serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool);
++  if (serr)
++    return dav_svn__convert_err(serr, HTTP_BAD_REQUEST,
++                                "Request specifies an invalid path.",
++                                dst->pool);
++
+   /* Copy the src to the dst. */
+   serr = svn_fs_copy(src->info->root.root,  /* the root object of src rev*/
+                      src->info->repos_path, /* the relative path of src */
+diff --git a/subversion/tests/cmdline/mod_dav_svn_tests.py b/subversion/tests/cmdline/mod_dav_svn_tests.py
+index 9628fa9fc0..2489f30310 100755
+--- a/subversion/tests/cmdline/mod_dav_svn_tests.py
++++ b/subversion/tests/cmdline/mod_dav_svn_tests.py
+@@ -686,6 +686,67 @@ def last_modified_header(sbox):
+     raise svntest.Failure('Unexpected Last-Modified header: %s' % last_modified)
+   r.read()
+ 
++@SkipUnless(svntest.main.is_ra_type_dav)
++def create_name_with_control_chars(sbox):
++  "test creating items with control chars in names"
++
++  sbox.build(create_wc=False)
++
++  h = svntest.main.create_http_connection(sbox.repo_url)
++
++  # POST /repos/!svn/me
++  # Create a new transaction.
++  req_body = (
++    '(create-txn-with-props '
++    '(svn:txn-client-compat-version 6 1.14.4 '
++    'svn:txn-user-agent 45 SVN/1.14.4 (x86-microsoft-windows) serf/1.3.9 '
++    'svn:log 0 ))'
++    )
++  headers = {
++    'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
++    'Content-Type': 'application/vnd.svn-skel',
++  }
++  h.request('POST', sbox.repo_url + '/!svn/me', req_body, headers)
++  r = h.getresponse()
++  if r.status != httplib.CREATED:
++    raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
++  txn_name = r.getheader('SVN-Txn-Name')
++  r.read()
++
++  # MKCOL /repos/!svn/txn/TXN_NAME/tab%09name
++  # Must fail with a 400 Bad Request.
++  headers = {
++    'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
++  }
++  h.request('MKCOL', sbox.repo_url + '/!svn/txr/' + txn_name + '/tab%09name', None, headers)
++  r = h.getresponse()
++  if r.status != httplib.BAD_REQUEST:
++    raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
++  r.read()
++
++  # PUT /repos/!svn/txn/TXN_NAME/tab%09name
++  # Must fail with a 400 Bad Request.
++  headers = {
++    'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
++  }
++  h.request('PUT', sbox.repo_url + '/!svn/txr/' + txn_name + '/tab%09name', None, headers)
++  r = h.getresponse()
++  if r.status != httplib.BAD_REQUEST:
++    raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
++  r.read()
++
++  # COPY /repos/!svn/rvr/1/iota -> /repos/!svn/txn/TXN_NAME/tab%09name
++  # Must fail with a 400 Bad Request.
++  headers = {
++    'Authorization': 'Basic ' + base64.b64encode(b'jconstant:rayjandom').decode(),
++    'Destination': sbox.repo_url + '/!svn/txr/' + txn_name + '/tab%09name'
++  }
++  h.request('COPY', sbox.repo_url + '/!svn/rvr/1/iota', None, headers)
++  r = h.getresponse()
++  if r.status != httplib.BAD_REQUEST:
++    raise svntest.Failure('Unexpected status: %d %s' % (r.status, r.reason))
++  r.read()
++
+ 
+ ########################################################################
+ # Run the tests
+@@ -700,6 +761,7 @@ test_list = [ None,
+               propfind_allprop,
+               propfind_propname,
+               last_modified_header,
++              create_name_with_control_chars,
+              ]
+ serial_only = True
+ 
+-- 
+2.33.0
+

subversion-1.14.3-fix-build-errors.patch

@@ -0,0 +1,34 @@
+From 628738a55d5ce1d585011d919ab0b5f5ea25d095 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 16 Nov 2023 19:35:54 +0800
+Subject: [PATCH] support clang build
+
+---
+ Makefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 7d65f01..e94472d 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -156,7 +156,7 @@ SWIG_PY_ERRMSG = @SWIG_PY_ERRMSG@
+ SWIG_PL_INCLUDES = @SWIG_PL_INCLUDES@
+ SWIG_PL_ERRMSG = @SWIG_PL_ERRMSG@
+ SWIG_RB_INCLUDES = @SWIG_RB_INCLUDES@ -I$(SWIG_SRC_DIR)/ruby/libsvn_swig_ruby
+-SWIG_RB_COMPILE = @SWIG_RB_COMPILE@
++SWIG_RB_COMPILE = @CC@
+ SWIG_RB_LINK = @SWIG_RB_LINK@
+ SWIG_RB_LIBS = @SWIG_RB_LIBS@
+ SWIG_RB_SITE_LIB_DIR = @SWIG_RB_SITE_LIB_DIR@
+@@ -306,7 +306,7 @@ LINK_SHARED_ONLY_CXX_LIB = $(LINK_CXX_LIB) $(shared_only_LDFLAGS) -shared
+ 
+ # Compilation of SWIG-generated C source code
+ COMPILE_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_PY_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_PY_INCLUDES) -prefer-pic -c -o $@
+-COMPILE_RB_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(SWIG_RB_INCLUDES) -prefer-pic -c -o $@
++COMPILE_RB_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(LT_CFLAGS) $(CPPFLAGS) $(CFLAGS) $(SWIG_RB_INCLUDES) -prefer-pic -c -o $@
+ 
+ # these commands link the wrapper objects into an extension library/module
+ LINK_PY_WRAPPER = $(LIBTOOL) $(LTFLAGS) --mode=link $(SWIG_PY_LINK) $(SWIG_LDFLAGS) -rpath $(swig_pydir) -avoid-version -module
+-- 
+2.19.1
+

subversion.spec

@@ -10,7 +10,7 @@
 Summary: Subversion, a version control system.
 Name: subversion
 Version: 1.14.3
-Release: 1
+Release: 6
 License: ASL 2.0
 URL: https://subversion.apache.org/
 
@@ -21,6 +21,12 @@ Patch1: subversion-1.14.0-testwarn.patch
 Patch2: subversion-1.14.0-soversion.patch
 Patch3: subversion-1.8.0-rubybind.patch
 Patch4: subversion-1.8.5-swigplWall.patch
+Patch5: subversion-1.14.3-fix-build-errors.patch
+%if "%{?toolchain}" == "clang"
+Patch6: support-clang-build.patch
+%endif
+Patch7: backport-CVE-2024-45720.patch
+Patch8: backport-CVE-2024-46901.patch
 
 BuildRequires: autoconf libtool texinfo which swig gettext apr-devel apr-util-devel libserf-devel cyrus-sasl-devel sqlite-devel file-devel utf8proc-devel lz4-devel apr-util-openssl dbus-devel, libsecret-devel httpd-devel 
 Requires: httpd
@@ -49,8 +55,8 @@ Requires: apr-devel%{?_isa}, apr-util-devel%{?_isa}
 
 %description devel
 Development package for subversion.
+
 %package_help
-Requires: subversion = %{version}-%{release}
 
 %package -n python3-%{name}
 %{?python_provide:%python_provide python3-subversion}
@@ -116,7 +122,7 @@ export svn_cv_ruby_sitedir_libsuffix=""
 export svn_cv_ruby_sitedir_archsuffix=""
 
 export APACHE_LDFLAGS="-Wl,-z,relro,-z,now"
-export CC=gcc CXX=g++ JAVA_HOME=%{jdk_path}
+export CC=%{__cc} CXX=%{__cxx} JAVA_HOME=%{jdk_path}
 
 %configure --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
         --disable-debug \
@@ -314,6 +320,27 @@ make check-javahl
 %endif
 
 %changelog
+* Mon Dec 09 2024 fuanan <fuanan3@h-partners.com> - 1.14.3-6
+- fix CVE-2024-46901
+
+* Wed Oct 09 2024 fuanan <fuanan3@h-partners.com> - 1.14.3-5
+- fix CVE-2024-45720
+
+* Mon Apr 1 2024 luofeng <luofeng13@huawei.com> - 1.14.3-4
+- Type:enhencement
+- CVE:NA
+- SUG:NA
+- DESC: support clang build
+
+* Fri Mar 29 2024 liyuzhe <liyuzhe@cqsoftware.com.cn> - 1.14.3-3
+- Remove non-standard requires from the help subpackage
+
+* Thu Feb 22 2024 luofeng <luofeng13@huawei.com> - 1.14.3-2
+- Type:enhencement
+- CVE:NA
+- SUG:NA
+- DESC: support clang build
+
 * Wed Jan 03 2024 fuanan <fuanan3@h-partners.com> - 1.14.3-1
 - update version to 1.14.3
 

support-clang-build.patch

@@ -0,0 +1,25 @@
+From 3ccb72b8139788450e779576ad19741180adda39 Mon Sep 17 00:00:00 2001
+From: luofeng <luofeng13@huawei.com>
+Date: Wed, 3 Apr 2024 10:20:33 +0800
+Subject: [PATCH] support clang build
+
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index e6996a6..56c2361 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -223,7 +223,7 @@ COMPILE_SHARED_ONLY_CXX_LIB = $(LT_COMPILE_CXX) -o $@ -c -shared
+ # special compilation for files destined for libsvn_swig_* (e.g. swigutil_*.c)
+ COMPILE_SWIG_PY = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_PY_COMPILE) $(CPPFLAGS) $(LT_CFLAGS) -DSWIGPYTHON $(SWIG_PY_INCLUDES) $(INCLUDES) -o $@ -c
+ COMPILE_SWIG_PL = $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) $(LT_CFLAGS) $(SWIG_PL_INCLUDES) $(INCLUDES) -o $@ -c
+-COMPILE_SWIG_RB = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(CPPFLAGS) $(LT_CFLAGS) $(SWIG_RB_INCLUDES) $(INCLUDES) -o $@ -c
++COMPILE_SWIG_RB = $(LIBTOOL) $(LTFLAGS) --mode=compile $(SWIG_RB_COMPILE) $(CPPFLAGS) $(CFLAGS) $(LT_CFLAGS) $(SWIG_RB_INCLUDES) $(INCLUDES) -o $@ -c
+ 
+ # special compilation for files destined for javahl (i.e. C++)
+ COMPILE_JAVAHL_CXX = $(LIBTOOL) $(LTCXXFLAGS) --mode=compile $(COMPILE_CXX) $(LT_CFLAGS) $(JAVAHL_INCLUDES) -o $@ -c
+-- 
+2.19.1
+