Path-based authorization ignores most specific path

Hello!

--Summary--

Path-based authorization seems to not work as documented
currently: The most specific path is *not* used.

Version: server=1.6.17, client=1.8.8 or 1.8.13

Might be a reincarnation of (closed?) Issue 3242:

    http://svn.haxx.se/users/archive-2010-01/0124.shtml
    http://subversion.tigris.org/issues/show_bug.cgi?id=3242

--Description--

The documentation says (for all versions since 1.5):

    The thing to remember is that the most specific path always
    matches first.
    
    http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html

I'm having the following lines concerning repository `proj` in my
`access` file. As you can see, `/pub` should be publicly readable,
but nothing else:

Current access file contains:

    [groups]
    proj_staff = [...]
    proj_other = [...]

    [proj:/]
    @proj_staff = rw
    @proj_other = r

    [proj:/pub]
    * = r
    @proj_staff = rw

    [proj:/eval]
    @proj_other =

    [proj:/group]
    @proj_other = rw

    [proj:/group/foo]
    foo = rw

The problem is:

  * I can *NOT* `svn co https://...proj/pub` without authentification.

As expected, though:

  * I can read `https://...proj/pub` in a web browser without
    authentification.

  * I can `svn export https://...proj/pub` without authentification.

This has been working until recently, probably with SVN 1.4.x on the
server side. Unfortunately I do not administer the subversion/apache
setup, so I do not have access to other config files.

Is ist a known issue? How can I fix it?

Thanks for helping!

Regards
Stefan

-- 
http://stefan-klinger.de                                      o/X
                                                              /\/
                                                                \