fix CVE-2021-31348

(cherry picked from commit 97b24e5cf6bc302075febd7707e65d9444e03e36)

CVE-2021-31348.patch

@@ -0,0 +1,12 @@
+diff -Naru "netcdf-c-4.7.3 copy/libdap4/ezxml.c" netcdf-c-4.7.3/libdap4/ezxml.c
+--- "netcdf-c-4.7.3 copy/libdap4/ezxml.c"	2022-07-13 10:24:32.128424000 +0800
++++ netcdf-c-4.7.3/libdap4/ezxml.c	2022-07-13 10:24:57.220170000 +0800
+@@ -574,7 +574,7 @@
+             for (l = 0; *s && ((! l && *s != '>') || (l && (*s != ']' ||
+                  *(s + strspn(s + 1, EZXML_WS) + 1) != '>')));
+                  l = (*s == '[') ? 1 : l) s += strcspn(s + 1, "[]>") + 1;
+-            if (! *s && e != '>')
++            if (! *s)
+                 return ezxml_err(root, d, "unclosed <!DOCTYPE");
+             d = (l) ? strchr(d, '[') + 1 : d;
+             if (l && ! ezxml_internal_dtd(root, d, s++ - d)) return &root->xml;

netcdf.spec

@@ -1,11 +1,12 @@
 Name:           netcdf
 Version:        4.7.3
-Release:        1
+Release:        2
 Summary:        Libraries for the Unidata network Common Data Form
 
 License:        NetCDF
 URL:            https://github.com/Unidata/netcdf-c
 Source0:        https://github.com/Unidata/netcdf-c/archive/v%{version}/%{name}-%{version}.tar.gz
+Patch0000:      CVE-2021-31348.patch
 
 BuildRequires:  make
 BuildRequires:  environment-modules
@@ -290,6 +291,9 @@ make %{?_smp_mflags} -C build check
 %endif
 
 %changelog
+* Wed Jul 13 2022 dengyuyu <yuyu.deng@epro.com.cn> - 4.7.3-2
+- fix CVE-2021-31348
+
 * Fri Tue 30 2021 caodongxia <caodongxia@huawei.com> - 4.7.3-1
 - Upgrade to 4.7.3