
2022-04-12 16:24:29 UTC MAIN

subversion: update to 1.4.2 (security).

THIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:

CVE-2021-28544
"SVN authz protected copyfrom paths regression"

The full security advisory for CVE-2021-28544 is available at:
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
    https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc

A brief summary of this advisory follows:

  Subversion servers reveal 'copyfrom' paths that should be hidden according to
  configured path-based authorization (authz) rules.  When a node has been
  copied from a protected location, users with access to the copy can see the
  'copyfrom' path of the original.  This also reveals the fact that
  the node was copied.
  Only the 'copyfrom' path is revealed; not its contents.  Both httpd
  and svnserve servers are vulnerable.

  We recommend all users to upgrade to a known fixed release of the
  Subversion server.

  This issue was reported by Evgeny Kotkov

CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"

The full security advisory for CVE-2022-24070 is available at:
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
    https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc

A brief summary of this advisory follows:

  While looking up path-based authorization rules, mod_dav_svn servers
  may attempt to use memory which has already been freed.

  We recommend all users to upgrade to a known fixed release of the
  Subversion server.

  This issue was reported by Thomas Weißschuh

(bsiegert)
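The first advisory above turns on which 'copyfrom' paths path-based authz says a user may learn about. The following is an added example, not code from the pkgsrc commit or from the Subversion project: it parses a constructed authz file, re-implements a simplified version of Subversion's path-matching precedence (explicit user rule, then group rule, then the `*` wildcard, most specific path section deciding; an assumption, not libsvn_repos semantics), and then lists the log entries whose 'copyfrom' source a correctly fixed server must hide from a given user because the user can read the copy but not the source. The authz text and the `svn log -v` style entries are constructed sample data.

```python
"""Audit which 'copyfrom' paths a path-based authz policy should hide
from a user.  Simplified re-implementation of Subversion's authz matching
for illustration (assumption: not the real libsvn_repos algorithm)."""
import configparser

# Constructed sample authz file in Subversion's INI-style format.
AUTHZ_TEXT = """
[groups]
devs = alice, bob

[/]
* = r

[/secret]
* =
@devs =
alice = r

[/public]
* = r
"""

# Constructed sample resembling 'svn log -v' output:
# (revision, path created, copyfrom path or None, copyfrom revision or None)
LOG_ENTRIES = [
    ("r12", "/public/tool.c", "/secret/prototype.c", 11),
    ("r15", "/public/readme", "/public/old-readme", 14),
    ("r20", "/public/design.md", None, None),
]


def parse_authz(text):
    """Return (groups, rules): groups maps name -> set of users,
    rules maps a path section -> {principal: permission string}."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        for name, members in cp["groups"].items():
            groups[name] = {m.strip() for m in members.split(",") if m.strip()}
    rules = {}
    for section in cp.sections():
        if section == "groups":
            continue
        # normalise "/foo/" to "/foo" and "" to "/"
        rules[section.rstrip("/") or "/"] = {k: (v or "") for k, v in cp[section].items()}
    return groups, rules


def _permission_for(user, section_rules, groups):
    """Simplified precedence inside one section: explicit user rule,
    then a group rule, then '*'; None if nothing here applies."""
    if user in section_rules:
        return section_rules[user]
    for name, members in groups.items():
        if user in members and "@" + name in section_rules:
            return section_rules["@" + name]
    return section_rules.get("*")


def can_read(user, path, groups, rules):
    """Walk from `path` up to '/'; the most specific section with an
    applicable rule decides.  No applicable rule at all means no access."""
    p = path.rstrip("/") or "/"
    while True:
        if p in rules:
            perm = _permission_for(user, rules[p], groups)
            if perm is not None:
                return "r" in perm
        if p == "/":
            return False
        p = p.rsplit("/", 1)[0] or "/"


def copyfrom_to_hide(user, entries=LOG_ENTRIES, authz_text=AUTHZ_TEXT):
    """Entries whose copy `user` may read but whose copyfrom source they
    may not: these are the copyfrom paths a fixed server must withhold,
    i.e. exactly what the vulnerable servers disclosed."""
    groups, rules = parse_authz(authz_text)
    hidden = []
    for rev, path, copyfrom, copyrev in entries:
        if copyfrom is None:
            continue
        if can_read(user, path, groups, rules) and not can_read(user, copyfrom, groups, rules):
            hidden.append((rev, path, copyfrom, copyrev))
    return hidden


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "->", copyfrom_to_hide(user))
```

Running it shows that `alice`, who may read `/secret`, sees nothing redacted, while `bob` (denied via `@devs`) and `carol` (denied via `*`) must not be shown that `/public/tool.c` was copied from `/secret/prototype.c`. Feeding real `svn log -v` data through the same check is a quick way to judge how much history a pre-fix server would have exposed to a restricted user.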