c-ares: Update to version 1.32.1

  - Update from version 1.17.1 to 1.32.1
- Update of rootfile
- There have been 22 version updates that are now being applied. 4 of these releases had
   security issues being addressed and there have been 5 CVE's and fixes
- Changelog
    1.32.1
	Bugfixes:
	    Channel lock needs to be recursive to ensure calls into c-ares functions can
	     be made from callbacks otherwise deadlocks will occur. This regression was
	     introduced in 1.32.0
    1.32.0
	Features:
	    Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled by
	     specifying ARES_FLAG_DNS0x20. Disabled by default. PR #800
	    Rework query timeout logic to automatically adjust timeouts based on network
	     conditions. The timeout specified now is only used as a hint until there is
	     enough history to calculate a more valid timeout. PR #794
	Changes:
	    DNS RR TXT strings should not be automatically concatenated as there are use
	     cases outside of RFC 7208. In order to maintain ABI compliance, the ability
	     to retrieve TXT strings concatenated is retained as well as a new API to
	     retrieve the individual strings. This restores behavior from c-ares 1.20.0.
	     PR #801
	    Clean up header inclusion logic to make hacking on code easier. PR #797
	    GCC/Clang: Enable even more strict warnings to catch more coding flaws. 253bdee
	    MSVC: Enable /W4 warning level. PR #792
	Bugfixes:
	    Tests: Fix thread race condition in test cases for EventThread. PR #803
	    Windows: Fix building with UNICODE. PR #802
	    Thread Saftey: ares_timeout() was missing lock. 74a64e4
	    Fix building with DJGPP (32bit protected mode DOS). PR #789
    1.31.0
	Changes:
	    Enable Query Cache by default. PR #786
	Bugfixes:
	    Enhance Windows DNS configuration change detection to also detect manual DNS
	     configuration changes. PR #785
	    Various legacy MacOS Build fixes. Issue #782
	    Ndots value of zero in resolv.conf was not being honored. 852a60a
	    Watt-32 build support had been broken for some time. PR #781
	    Distribute ares_dns_rec_type_tostr manpage. PR #778
    1.30.0
	Features:
	    Basic support for SIG RR record (RFC 2931 / RFC 2535) PR #773
	Changes:
	    Validation that DNS strings can only consist of printable ascii characters
	     otherwise will trigger a parse failure. 75de16c and 40fb125
	    Windows: use GetTickCount64() for a monotonic timer that does not wrap. 1dff8f6
	Bugfixes:
	    QueryCache: Fix issue where purging on server changes wasn’t working. a6c8fe6
	    Windows: Fix Y2K38 issue by creating our own ares_timeval_t datatype. PR #772
	    Fix packaging issue affecting MacOS due to a missing header. 55afad6
	    MacOS: Fix UBSAN warnings that are likely meaningless due to alignment issues
	     in new MacOS config reader.
	    Android: arm 32bit build failure due to missing symbol. d1722e6
    1.29.0
	Features:
	    When using ARES_OPT_EVENT_THREAD, automatically reload system configuration
	     when network conditions change. PR #759
	    Apple: reimplement DNS configuration reading to more accurately pull DNS
	     settings. PR #750
	    Add observability into DNS server health via a server state callback, invoked
	     whenever a query finishes. PR #744
	    Add server failover retry behavior, where failed servers are retried with
	     small probability after a minimum delay. PR #731
	Changes:
	    Mark ares_channel_t * as const in more places in the public API. PR #758
	Bugfixes:
	    Due to a logic flaw dns name compression writing was not properly implemented
	     which would result in the name prefix not being written for a partial match.
	     This could cause issues in various record types such as MX records when
	     using the deprecated API. Regression introduced in 1.28.0. Issue #757
	    Revert OpenBSD SOCK_DNS flag, it doesn’t do what the docs say it does and
	     causes c-ares to become non-functional. PR #754
	    ares_getnameinfo(): loosen validation on salen parameter. Issue #752
	    cmake: Android requires C99. PR #748
	    ares_queue_wait_empty() does not honor timeout_ms >= 0. Issue #742
    1.28.1
	This release contains a fix for a single significant regression introduced in
	 c-ares 1.28.0.
	    ares_search() and ares_getaddrinfo() resolution fails if no search domains
	     are specified. Issue #737
    1.28.0
	Features:
	    Emit warnings when deprecated c-ares functions are used. This can be disabled
	     by passing a compiler definition of CARES_NO_DEPRECATED. PR #732
	    Add function ares_search_dnsrec() to search for records using the new DNS
	     record data structures. PR #719
	    Rework internals to pass around ares_dns_record_t instead of binary data,
	     this introduces new public functions of ares_query_dnsrec() and
	     ares_send_dnsrec(). PR #730
	Changes:
	    tests: when performing simulated queries, reduce timeouts to make tests run
	     faster
	    Replace configuration file parsers with memory-safe parser. PR #725
	    Remove acountry completely, the manpage might still get installed otherwise.
	     Issue #718
	Bugfixes:
	    CMake: don’t overwrite global required libraries/definitions/includes which
	     could cause build errors for projects chain building c-ares. Issue #729
	    On some platforms, netinet6/in6.h is not included by netinet/in.h and needs
	     to be included separately. PR #728
	    Fix a potential memory leak in ares_init(). Issue #724
	    Some platforms don’t have the isascii() function. Implement as a macro. PR #721
	    CMake: Fix Chain building if CMAKE runtime paths not set
	    NDots configuration should allow a value of zero. PR #735
    1.27.0
	Security:
	    Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
	     /etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
	     GHSA-mg26-v6qh-x48q
	Features:
	    New function ares_queue_active_queries() to retrieve number of in-flight
	     queries. PR #712
	    New function ares_queue_wait_empty() to wait for the number of in-flight
	     queries to reach zero. PR #710
	    New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if no
	     DNS servers can be found rather than attempting to use 127.0.0.1. This also
	     introduces a new ares status code of ARES_ENOSERVER. PR #713
	Changes:
	    EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
	Bugfixes:
	    Windows DNS suffix search list memory leak. PR #711
	    Fix warning due to ignoring return code of write(). PR #709
	    CMake: don’t override target output locations if not top-level. Issue #708
	    Fix building c-ares without thread support. PR #700
    1.26.0
	Features:
	    Event Thread support. Integrators are no longer required to monitor the file
	     descriptors registered by c-ares for events and call ares_process() when
	     enabling the event thread feature via ARES_OPT_EVENT_THREAD passed to
	     ares_init_options(). PR #696
	    Added flags to are_dns_parse() to force RAW packet parsing. PR #693
	Changes:
	    Mark ares_fds() as deprecated. PR #691
	Bugfixes:
	    adig: Differentiate between internal and server errors. e10b16a
	    Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS. PR #695
	    Autotools: fix building for 32bit windows due to stdcall symbol mangling.
	     PR #689
	    RR Name should not be sanity checked against the Question. PR #685
    1.25.0
	Changes:
	    AutoTools: rewrite build system to be lighter weight and fix issues in some
	     semi-modern systems. It is likely this has broken building on some less
	     common and legacy OSs, please report issues. PR #674
	    Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety
	     reasons. 88c444d
	    The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6
	     addresses by default. PR #669
	    OpenBSD: Add SOCK_DNS flag when creating socket. PR #659
	Bugfixes:
	    Tests: Live reverse lookups for Google’s public DNS servers no longer return
	     results, replace with CloudFlare pubic DNS servers. 1231aa7
	    MacOS legacy SDKs require sys/socket.h before net/if.h PR #673
	    Connection failures should increment the server failure count first or a
	     retry might be enqueued to the same server. 05181a6
	    On systems that don’t implement the ability to enumerate network interfaces
	     the stubs used the wrong prototype. eebfe0c
	    Fix minor warnings and documentation typos. PR #666
	    Fix support for older GoogleTest versions. d186f11
	    getrandom() may require sys/random.h on some systems. Issue #665
	    Fix building tests with symbol hiding enabled. Issue #664
    1.24.0
	Features:
	    Add support for IPv6 link-local DNS servers. Nameserver formats can now
	     accept the %iface suffix, and a new ares_get_servers_csv() function was
	     added to return servers that can contain the link-local interface name.
	Changes:
	    Unbundle GoogleTest for test cases. Package maintainers will now need to
	     require GoogleTest (GMock) as a build dependency if building tests. New
	     GoogleTest versions require C++14 or later.
	    Replace nameserver parsing code to use new memory-safe functions.
	    Replace the sortlist parser with new memory-safe functions.
	    Various warning fixes and dead code removal.
	Bugfixes:
	    Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with
	     thread safety support.
	    A non-responsive DNS server that caused timeouts wouldn’t increment the
	     failure count, this would lead to other servers not being tried. Regression
	     introduced in 1.22.0.
	    Some projects that depend on c-ares expect invalid parameter option values
	     passed into ares_init_options() to simply be ignored. This behavior has been
	     restored.
	    On linux getrandom() can fail if the kernel doesn’t support the syscall, fall
	     back to another random source.
	    ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo() with
	     AF_UNSPEC, if called after one address class was returned but before the
	     other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED.
    1.23.0
	Features:
	    Introduce optional (but on by default) thread-safety for the c-ares library.
	     This has no API nor ABI implications.
	    resolv.conf in modern systems uses attempts and timeouts options instead of
	     the old retrans and retry options.
	    Query caching support based on TTL of responses. Can be enabled via
	     ares_init_options() with ARES_OPT_QUERY_CACHE.
	Bugfixes:
	    ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept the
	     port in host byte order, but it was reading it as network byte order.
	     Regression introduced in 1.20.0.
	    ares_init_options() for ARES_FLAG_NOSEARCH was not being honored for
	     ares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0.
	    Autotools MacOS and iOS version check was failing
	    Environment variables passed to c-ares are meant to be an override for system
	     configuration. Regression introduced in 1.22.0.
	    Spelling fixes as detected by codespell.
	    The timeout returned by ares_timeout() was truncated to milliseconds but
	     validated to microseconds which could cause a user to attempt to process
	     timeouts prior to the timeout actually expiring.
	    CMake was not honoring CXXFLAGS passed in via the environment which could
	     cause compile and link errors with distribution hardening flags during
	     packaging.
	    Fix Windows UWP and Cygwin compilation.
	    ares_set_servers_*() for legacy reasons needs to accept an empty server list
	     and zero out all servers. This results in an inoperable channel and thus is
	     only used in simulation testing, but we don’t want to break users.
	     Regression introduced in 1.21.0.
    1.22.1
	Bugfixes:
	    Fix /etc/hosts processing performance with all entries using same IPaddress.
	     Large hosts files using the same IP address for all entries could use
	     exponential time.
	    Fix typos in manpages
	    Fix OpenWatcom building
    1.22.0
	Features:
	    ares_reinit() is now implemented to re-read any system configuration and
	     immediately apply to an existing ares channel
	    The adig command line program has been rewritten and its format now more
	     closely matches that of BIND’s dig utility
	    The new DNS message parser and writer functions have now been made public
	    RFC9460 HTTPS and SVCB records are now supported
	    RFC6698 TLSA records are now supported
	    The server list is now internally dynamic and can be changed without
	     impacting existing queries
	    Hosts file processing is now cached until the file is detected to be changed
	     to speed up repetitive lookups of large hosts files
	Changes:
	    Internally all DNS messages are now written using the new DNS writing functions
	    EDNS is now enabled by default
	    Internal cleanups in function prototypes
	Bugfixes:
	    Randomize retry penalties to prevent thundering herd issues when dns servers
	     throttle requests
	    Fix Windows build error for missing if_indextoname()
    1.21.0
	Changes:
	    Provide better man page cross-links.
	    Introduce ares_status_t as an enum rather than using #define list and integer
	     data type for internal functions.
	    Introduce ares_bool_t datatype rather than using an integer with 0/1 so it is
	     clear based on the function prototype what it returns.
	    Increase compiler warning levels by default.
	    Use size_t and other more proper datatypes internally (rather than int).
	    Many developers have used different code styles over the years, standardize
	     on one and use clang-format to enforce the style.
	    CMake can now control symbol visibility
	    Replace multiple DNS hand-made parsers with new memory-safe DNS message parser.
	Bugfixes:
	    Tools: STAYOPEN flag could make tools not terminate.
	    Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp.
    1.20.1
	Bugfixes:
	    Resolve use-after-free issue when TCP connection is terminated before a
	     response is returned
	    Reduce number of queries for a load test case to prevent overloading some
	     build systems
	    Fix fuzz test build target
    1.20.0
	Changes:
	    Update from 1989 MIT license text to modern MIT license text
	    Remove acountry from built tools as nerd.dk is gone
	    Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the number of
	     queries that can be made from a single ephemeral port
	    Default per-query timeout has been reduced to 2s with a 3x retry count
	    Modernization: start implementing some common data structures that are easy
	     to use and hard to misuse. This will make code refactoring easier and remove
	     some varied implementations in use. This change also makes ares_timeout()
	     more efficient
	    Use SPDX identifiers and a REUSE CI job to verify
	    rand: add support for getrandom()
	Bug fixes:
	    TCP back to back queries were broken
	    Ensure queries for ares_getaddrinfo() are not requeued during destruction
	    ares_getaddrinfo() should not retry other address classes if one address
	     class has already been returned
	    Avoid production ill-formed result when qualifying a name with the root domain
	    Fix missing prefix for CMake generated libcares.pc
	    DNS server ports will now be read from system configuration instead of
	     defaulting to port 53
	    Remove some unreachable code
	    Replace usages of sprintf with snprintf
	    Fix Watcom instructions and update Windows URLs
    1.19.1
	Security:
	    CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
	    CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs
	    CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
	    CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
	     compilation
	Bug fixes:
	    Fix uninitialized memory warning in test
	    Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
	    ares_getaddrinfo() should allow a port of 0
	    Fix memory leak in ares_send() on error
	    Fix comment style in ares_data.h
	    Remove unneeded ifdef for Windows
	    Fix typo in ares_init_options.3
	    Re-add support for Watcom compiler
	    Sync ax_pthread.m4 with upstream
	    Windows: Invalid stack variable used out of scope for HOSTS path
	    Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
    1.19.0
	Security:
	    Low. Stack overflow in ares_set_sortlist() which is used during c-ares
	     initialization and typically provided by an administrator and not an end user.
	Changes:
	    Windows: Drop support for XP and derivatives which greatly cleans up
	     initialization code.
	    Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a
	     custom hosts file location.
	    Add vcpkg installation instructions
	Bug fixes:
	    Fix cross-compilation from Windows to Linux due to CPACK logic.
	    Fix memory leak in reading /etc/hosts when using localhost fallback.
	    Fix chain building c-ares when libresolv is already included by another project
	    File lookup should not immediately abort as there may be other tries due to
	     search criteria.
	    Asterisks should be allowed in host validation as CNAMEs may reference
	     wildcard domains
	    AutoTools build system referenced bad STDC_HEADERS macro
	    Even if one address class returns a failure for ares_getaddrinfo() we should
	     still return the results we have
	    CMake Windows: DLLs did not include resource file to include versions
	    CMake: Guard target creation in exported config
	    Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC
	    Apple: fix libresolv configured query times.
	    Fix tools and help information
	    Various documentation fixes and cleanups
	    Add include guards to ares_data.h
	    c-ares could try to exceed maximum number of iovec entries supported by system
	    CMake package config generation allow for absolute install paths
	    Intel compiler fixes
	    ares_strsplit bugs
	    The RFC6761 6.3 states localhost subdomains must be offline too.
    1.18.1
	Bug fixes:
	    ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses rather
	     than the sizeof(struct sockaddr_in6)
    1.18.0
	Changes:
	    Add support for URI(Uniform Resource Identifier) records via
	     ares_parse_uri_reply()
	    Provide ares_nameser.h as a public interface as needed by NodeJS
	    Update URLs from c-ares.haxx.se to c-ares.org
	    During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the
	     search process will continue to the next domain in the search.
	    Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they
	     followed very similar code paths and ares_gethostbyaddr() has some more
	     desirable features such as priority sorting and parallel queries for
	     AF_UNSPEC.
	    ares_getaddrinfo() now contains a name element in the address info structure
	     as the last element. This is not an API or ABI break due to the structure
	     always being internally allocated and it being the last element.
	    ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical,
	     those now use the same helper functions for parsing rather than having
	     their own code.
	    RFC6761 Section 6.3 says “localhost” lookups need to be special cased to
	     return loopback addresses, and not forward queries to recursive dns servers.
	     On Windows this now returns all loopback addresses, on other systems it
	     returns 127.0.0.1 or ::1 always, and will never forward a request for
	     “localhost” to outside DNS servers.
	    Haiku: port
	Bug fixes:
	    add build to .gitignore
	    z/OS minor update, add missing semicolon in ares_init.c
	    Fix building when latest ax_code_coverage.m4 is imported
	    Work around autotools ‘error: too many loops’ and other newer autotools
	     import related bugs.
	    MinGW cross builds need advapi32 link as lower case
	    Cygwin build fix due to containing both socket.h and winsock2.h
	    ares_expand_name should allow underscores (_) as SRV records legitimately
	     use them
	    Allow ‘/’ as a valid character for a returned name for CNAME in-addr.arpa
	     delegation
	    ares_getaddrinfo() was not honoring HOSTALIASES
	    ares_getaddrinfo() had some test cases disabled due to a bug in the test
	     framework itself which has now been resolved
    1.17.2
	Security:
	    NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
	     systems where malloc(0) returns NULL. This would cause a crash.
	    When building c-ares with CMake, the RANDOM_FILE would not be set and
	     therefore downgrade to the less secure random number generator
	    If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a
	     crash
	    Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS
	     response
	    Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
	     prevent spoofing follow-up
	    Perform validation on hostnames to prevent possible XSS due to applications
	     not performing valiation themselves
	Changes:
	    Use non-blocking /dev/urandom for random data to prevent early startup
	     performance issues
	    z/OS port
	    ares_malloc(0) is now defined behavior (returns NULL) rather than
	     system-specific to catch edge cases
	Bug fixes:
	    Fuzz testing files were not distributed with official archives
	    Building tests should not force building of static libraries except on Windows
	    Windows builds of the tools would fail if built as static due to a missing
	     CARES_STATICLIB definition
	    Relative headers must use double quotes to prevent pulling in a system library
	    Fix OpenBSD building by implementing portability updates for including
	     arpa/nameser.h
	    Fix building out-of-tree for autotools
	    Make install on MacOS/iOS with CMake was missing the bundle destination so
	     libraries weren’t actually installed
	    Fix retrieving DNS server configuration on MacOS and iOS if the configuration
	     did not include search domains
	    ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup()
	     instead of ares_strdup()

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/c-ares | 91 +++++++++++++++++++++++++++++++-
 lfs/c-ares                       | 15 +++---
 2 files changed, 96 insertions(+), 10 deletions(-)