From e097d99f0daf73e12048d66918a0c759d3cbd07a Mon Sep 17 00:00:00 2001
From: ajs124 <git@ajs124.de>
Date: Thu, 29 Apr 2021 17:49:33 +0200
Subject: [PATCH 1/2] py3c: init at 1.3.1

---
 pkgs/development/libraries/py3c/default.nix | 31 +++++++++++++++++++++
 pkgs/top-level/all-packages.nix             |  2 ++
 2 files changed, 33 insertions(+)
 create mode 100644 pkgs/development/libraries/py3c/default.nix

diff --git a/pkgs/development/libraries/py3c/default.nix b/pkgs/development/libraries/py3c/default.nix
new file mode 100644
index 00000000000..2a89161ef38
--- /dev/null
+++ b/pkgs/development/libraries/py3c/default.nix
@@ -0,0 +1,31 @@
+{ lib, stdenv, fetchFromGitHub, python2, python3 }:
+
+stdenv.mkDerivation rec {
+  pname = "py3c";
+  version = "1.3.1";
+
+  src = fetchFromGitHub {
+    owner = "encukou";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "04i2z7hrig78clc59q3i1z2hh24g7z1bfvxznlzxv00d4s57nhpi";
+  };
+
+  makeFlags = [
+    "prefix=${placeholder "out"}"
+  ];
+
+  doCheck = true;
+
+  checkInputs = [
+    python2
+    python3
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/encukou/py3c";
+    description = "Python 2/3 compatibility layer for C extensions";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ajs124 ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2da323ce708..1456529d7b2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12028,6 +12028,8 @@ in
   pypy27Packages = pypy27.pkgs;
   pypy3Packages = pypy3.pkgs;
 
+  py3c = callPackage ../development/libraries/py3c { };
+
   pythonManylinuxPackages = callPackage ./../development/interpreters/python/manylinux { };
 
   update-python-libraries = callPackage ../development/interpreters/python/update-python-libraries { };

From 1e7720531aab24693775500065c80f54c8b13176 Mon Sep 17 00:00:00 2001
From: ajs124 <git@ajs124.de>
Date: Mon, 26 Apr 2021 02:43:55 +0200
Subject: [PATCH 2/2] subversion: 1.12.2 -> 1.14.1

---
 .../subversion/CVE-2020-17525.patch               | 15 ---------------
 .../version-management/subversion/default.nix     | 13 ++++++-------
 2 files changed, 6 insertions(+), 22 deletions(-)
 delete mode 100644 pkgs/applications/version-management/subversion/CVE-2020-17525.patch

diff --git a/pkgs/applications/version-management/subversion/CVE-2020-17525.patch b/pkgs/applications/version-management/subversion/CVE-2020-17525.patch
deleted file mode 100644
index c844c3773e3..00000000000
--- a/pkgs/applications/version-management/subversion/CVE-2020-17525.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Patch included in advisory @ https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
-
---- a/subversion/libsvn_repos/config_file.c
-+++ b/subversion/libsvn_repos/config_file.c
-@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
-     {
-       /* Search for a repository in the full path. */
-       repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
-+      if (repos_root_dirent == NULL)
-+        return svn_error_trace(handle_missing_file(stream, checksum, access,
-+                                                   url, must_exist,
-+                                                   svn_node_none));
- 
-       /* Attempt to open a repository at repos_root_dirent. */
-       SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,
diff --git a/pkgs/applications/version-management/subversion/default.nix b/pkgs/applications/version-management/subversion/default.nix
index 9f780de748e..042dafbb674 100644
--- a/pkgs/applications/version-management/subversion/default.nix
+++ b/pkgs/applications/version-management/subversion/default.nix
@@ -6,13 +6,13 @@
 , javahlBindings ? false
 , saslSupport ? false
 , lib, stdenv, fetchurl, apr, aprutil, zlib, sqlite, openssl, lz4, utf8proc
-, apacheHttpd ? null, expat, swig ? null, jdk ? null, python ? null, perl ? null
+, apacheHttpd ? null, expat, swig ? null, jdk ? null, python3 ? null, py3c ? null, perl ? null
 , sasl ? null, serf ? null
 }:
 
 assert bdbSupport -> aprutil.bdbSupport;
 assert httpServer -> apacheHttpd != null;
-assert pythonBindings -> swig != null && python != null;
+assert pythonBindings -> swig != null && python3 != null && py3c != null;
 assert javahlBindings -> jdk != null && perl != null;
 
 let
@@ -31,7 +31,7 @@ let
 
     buildInputs = [ zlib apr aprutil sqlite openssl lz4 utf8proc ]
       ++ lib.optional httpSupport serf
-      ++ lib.optional pythonBindings python
+      ++ lib.optionals pythonBindings [ python3 py3c ]
       ++ lib.optional perlBindings perl
       ++ lib.optional saslSupport sasl;
 
@@ -91,7 +91,7 @@ let
 
     enableParallelBuilding = true;
 
-    checkInputs = [ python ];
+    checkInputs = [ python3 ];
     doCheck = false; # fails 10 out of ~2300 tests
 
     meta = with lib; {
@@ -116,8 +116,7 @@ in {
   };
 
   subversion = common {
-    version = "1.12.2";
-    sha256 = "0wgpw3kzsiawzqk4y0xgh1z93kllxydgv4lsviim45y5wk4bbl1v";
-    extraPatches = [ ./CVE-2020-17525.patch ];
+    version = "1.14.1";
+    sha256 = "1ag1hvcm9q92kgalzbbgcsq9clxnzmbj9nciz9lmabjx4lyajp9c";
   };
 }