deps: update c-ares to 1.19.1

PR-URL: nodejs#48115
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/437
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
Reviewed-By: Rich Trott <[email protected]>

# Conflicts:
#	deps/cares/CHANGES
#	deps/cares/CMakeLists.txt
#	deps/cares/RELEASE-NOTES
#	deps/cares/aminclude_static.am
#	deps/cares/configure
#	deps/cares/configure.ac
#	deps/cares/include/ares_version.h
#	deps/cares/src/lib/Makefile.in
#	deps/cares/src/lib/ares_data.h
#	deps/cares/src/lib/ares_destroy.c
#	deps/cares/src/lib/ares_getaddrinfo.c
#	deps/cares/src/lib/ares_init.c
#	deps/cares/src/lib/ares_strsplit.c

Author: RafaelGSS

deps/cares/CHANGES

@@ -8,10 +8,10 @@ INCLUDE (CheckCSourceCompiles)
 INCLUDE (CheckStructHasMember)
 INCLUDE (CheckLibraryExists)
 
-PROJECT (c-ares LANGUAGES C VERSION "1.18.0" )
+PROJECT (c-ares LANGUAGES C VERSION "1.19.1" )
 
 # Set this version before release
-SET (CARES_VERSION "1.18.1")
+SET (CARES_VERSION "1.19.1")
 
 INCLUDE (GNUInstallDirs) # include this *AFTER* PROJECT(), otherwise paths are wrong.
 
@@ -26,7 +26,7 @@ INCLUDE (GNUInstallDirs) # include this *AFTER* PROJECT(), otherwise paths are w
 # For example, a version of 4:0:2 would generate output such as:
 #    libname.so   -> libname.so.2
 #    libname.so.2 -> libname.so.2.2.0
-SET (CARES_LIB_VERSIONINFO "7:1:5")
+SET (CARES_LIB_VERSIONINFO "8:1:6")
 
 
 OPTION (CARES_STATIC     "Build as a static library"                                             OFF)
@@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent)
 OPTION (CARES_BUILD_TESTS "Build and run tests"                                                  OFF)
 OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF)
 OPTION (CARES_BUILD_TOOLS "Build tools"                                                          ON)
+SET    (CARES_RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom")
+
 
 # Tests require static to be enabled on Windows to be able to access otherwise hidden symbols
 IF (CARES_BUILD_TESTS AND (NOT CARES_STATIC) AND WIN32)
@@ -82,9 +84,14 @@ SET (TARGETS_INST_DEST
 
 # Function in Library
 # CHECK_LIBRARY_EXISTS can't be used as it will return true if the function
-# is found in a different dependent library.
+# is found in a different required/dependent library.
 MACRO (CARES_FUNCTION_IN_LIBRARY func lib var)
+
+	SET (_ORIG_CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES}")
+	SET (CMAKE_REQUIRED_LIBRARIES )
 	CHECK_FUNCTION_EXISTS ("${func}" "_CARES_FUNC_IN_LIB_GLOBAL_${func}")
+	SET (CMAKE_REQUIRED_LIBRARIES "${_ORIG_CMAKE_REQUIRED_LIBRARIES}")
+
 	IF ("${_CARES_FUNC_IN_LIB_GLOBAL_${func}}")
 		SET (${var} FALSE)
 	ELSE ()
@@ -386,6 +393,8 @@ CHECK_SYMBOL_EXISTS (strncasecmp     "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCAS
 CHECK_SYMBOL_EXISTS (strncmpi        "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCMPI)
 CHECK_SYMBOL_EXISTS (strnicmp        "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNICMP)
 CHECK_SYMBOL_EXISTS (writev          "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_WRITEV)
+CHECK_SYMBOL_EXISTS (arc4random_buf  "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_ARC4RANDOM_BUF)
+
 
 # On Android, the system headers may define __system_property_get(), but excluded
 # from libc.  We need to perform a link test instead of a header/symbol test.
@@ -397,10 +406,6 @@ SET (CMAKE_REQUIRED_DEFINITIONS)
 SET (CMAKE_REQUIRED_LIBRARIES)
 
 
-find_file(CARES_RANDOM_FILE urandom /dev)
-mark_as_advanced(CARES_RANDOM_FILE)
-
-
 ################################################################################
 # recv, recvfrom, send, getnameinfo, gethostname
 # ARGUMENTS AND RETURN VALUES
@@ -689,6 +694,12 @@ IF (CARES_INSTALL)
     if( ${CMAKE_SYSTEM_NAME} STREQUAL "Linux" )
 
         if ( "${CPACK_PACKAGE_ARCHITECTURE}" STREQUAL "" )
+            set( CPACK_PACKAGE_ARCHITECTURE "${CMAKE_SYSTEM_PROCESSOR}" )
+        endif()
+        if ( "${CPACK_PACKAGE_ARCHITECTURE}" STREQUAL "" )
+            if ( "${CMAKE_HOST_SYSTEM_NAME}" STREQUAL "Windows" )
+                message( FATAL_ERROR "Failed to determine CPACK_PACKAGE_ARCHITECTURE. Is CMAKE_SYSTEM_PROCESSOR set?" )
+            endif()
             # Note: the architecture should default to the local architecture, but it
             # in fact comes up empty.  We call `uname -m` to ask the kernel instead.
             EXECUTE_PROCESS( COMMAND uname -m COMMAND tr -d '\n' OUTPUT_VARIABLE CPACK_PACKAGE_ARCHITECTURE )

deps/cares/CMakeLists.txt

@@ -1,6 +1,7 @@
 #
 #  Watcom / OpenWatcom / Win32 makefile for cares.
 #  Quick hack by Guenter; comments to: /dev/nul
+#  Updated by Douglas R. Reno, comments to: [email protected]. 2023
 #
 
 !ifndef %watcom
@@ -38,9 +39,9 @@ MD = mkdir
 RD = rmdir /q /s 2>NUL
 CP = copy
 
-CFLAGS = -3r -mf -hc -zff -zgf -zq -zm -zc -s -fr=con -w2 -fpi -oilrtfm &
-         -wcd=201 -bt=nt -d+ -dWIN32 -dCARES_BUILDING_LIBRARY           &
-         -dNTDDI_VERSION=0x05010000 -I. $(SYS_INCL)
+CFLAGS = -3r -mf -hc -zff -zgf -zq -zm -zc -s -fr=con -w2 -fpi -oilrtfm -aa &
+         -wcd=201 -bt=nt -d+ -dWIN32 -dCARES_BUILDING_LIBRARY               &
+         -dNTDDI_VERSION=0x06000000 -I. -I.\include -I.\src\lib $(SYS_INCL)
 
 LFLAGS = option quiet, map, caseexact, eliminate
 
@@ -69,7 +70,7 @@ LIB_ARG  = $(OBJ_BASE)\stat\wlib.arg
 !ifneq __MAKEOPTS__ -u
 !error You MUST call wmake with the -u switch!
 !else
-!include Makefile.inc
+!include src\lib\Makefile.inc
 !endif
 
 OBJS = $(CSOURCES:.c=.obj)
@@ -82,10 +83,11 @@ OBJ_DIR    = $(OBJ_BASE)\stat
 OBJS_STAT  = $+ $(OBJS) $-
 
 OBJ_DIR    = $(OBJ_BASE)\dyn
-OBJS_DYN   = $+ $(OBJS) $-
+OBJS_DYN   += $(OBJS) $-
 
 ARESBUILDH = ares_build.h
 RESOURCE   = $(OBJ_BASE)\dyn\cares.res
+ARESBUILDH = include\ares_build.h
 
 all: $(ARESBUILDH) $(OBJ_BASE) $(TARGETS) $(DEMOS) .SYMBOLIC
 	@echo Welcome to cares
@@ -94,25 +96,31 @@ $(OBJ_BASE):
 	-$(MD) $^@
 	-$(MD) $^@\stat
 	-$(MD) $^@\dyn
-	-$(MD) $^@\demos
+	-$(MD) $^@\tools
 
 $(ARESBUILDH): .EXISTSONLY
-	$(CP) $^@.dist $^@
+	@echo Make sure to run buildconf.bat!
 
 $(LIBNAME).dll: $(OBJS_DYN) $(RESOURCE) $(LINK_ARG)
 	$(LD) name $^@ @$]@
 
 $(LIBNAME).lib: $(OBJS_STAT) $(LIB_ARG)
 	$(AR) -q -b -c $^@ @$]@
 
-adig.exe: $(OBJ_BASE)\demos\adig.obj $(OBJ_BASE)\demos\ares_getopt.obj $(LIBNAME).lib
-	$(LD) name $^@ system nt $(LFLAGS) file { $(OBJ_BASE)\demos\ares_getopt.obj $[@ } library $]@, ws2_32.lib
+$(OBJ_BASE)\tools\ares_getopt.obj:
+	$(CC) $(CFLAGS) -DCARES_STATICLIB .\src\tools\ares_getopt.c -fo=$^@
 
-ahost.exe: $(OBJ_BASE)\demos\ahost.obj $(OBJ_BASE)\demos\ares_getopt.obj $(LIBNAME).lib
-	$(LD) name $^@ system nt $(LFLAGS) file { $(OBJ_BASE)\demos\ares_getopt.obj $[@ } library $]@, ws2_32.lib
+adig.exe: $(OBJ_BASE)\tools\ares_getopt.obj $(LIBNAME).lib
+	$(CC) $(CFLAGS) src\tools\adig.c -fo=$(OBJ_BASE)\tools\adig.obj
+	$(LD) name $^@ system nt $(LFLAGS) file { $(OBJ_BASE)\tools\adig.obj $[@ } library $]@, ws2_32.lib, iphlpapi.lib
 
-acountry.exe: $(OBJ_BASE)\demos\acountry.obj $(OBJ_BASE)\demos\ares_getopt.obj $(LIBNAME).lib
-	$(LD) name $^@ system nt $(LFLAGS) file { $(OBJ_BASE)\demos\ares_getopt.obj $[@ } library $]@, ws2_32.lib
+ahost.exe: $(OBJ_BASE)\tools\ares_getopt.obj $(LIBNAME).lib
+	$(CC) $(CFLAGS) src\tools\ahost.c -fo=$(OBJ_BASE)\tools\ahost.obj
+	$(LD) name $^@ system nt $(LFLAGS) file { $(OBJ_BASE)\tools\ahost.obj $[@ } library $]@, ws2_32.lib, iphlpapi.lib
+
+acountry.exe: $(OBJ_BASE)\tools\ares_getopt.obj $(LIBNAME).lib
+	$(CC) $(CFLAGS) src\tools\acountry.c -fo=$(OBJ_BASE)\tools\acountry.obj
+	$(LD) name $^@ system nt $(LFLAGS) file { $(OBJ_BASE)\tools\acountry.obj $[@ } library $]@, ws2_32.lib, iphlpapi.lib
 
 clean: .SYMBOLIC
 	-$(RM) $(OBJS_STAT)
@@ -124,24 +132,23 @@ vclean realclean: clean .SYMBOLIC
 	-$(RM) $(DEMOS) $(DEMOS:.exe=.map)
 	-$(RD) $(OBJ_BASE)\stat
 	-$(RD) $(OBJ_BASE)\dyn
-	-$(RD) $(OBJ_BASE)\demos
+	-$(RD) $(OBJ_BASE)\tools
 	-$(RD) $(OBJ_BASE)
 
 .ERASE
-$(RESOURCE): cares.rc .AUTODEPEND
+.c: .\src\lib
+
+.ERASE
+$(RESOURCE): src\lib\cares.rc .AUTODEPEND
 	$(RC) $(DEBUG) -q -r -zm -I..\include $(SYS_INCL) $[@ -fo=$^@
 
 .ERASE
 .c{$(OBJ_BASE)\dyn}.obj:
-	$(CC) $(CFLAGS) -bd $[@ -fo=$^@
+	$(CC) $(CFLAGS) -bd .\src\lib\$^& -fo=$^@
 
 .ERASE
 .c{$(OBJ_BASE)\stat}.obj:
-	$(CC) $(CFLAGS) -DCARES_STATICLIB $[@ -fo=$^@
-
-.ERASE
-.c{$(OBJ_BASE)\demos}.obj:
-	$(CC) $(CFLAGS) -DCARES_STATICLIB $[@ -fo=$^@
+	$(CC) $(CFLAGS) -DCARES_STATICLIB .\src\lib\$^& -fo=$^@
 
 $(LINK_ARG): $(__MAKEFILES__)
 	%create $^@
@@ -155,6 +162,7 @@ $(LINK_ARG): $(__MAKEFILES__)
 	@%append $^@ library $(%watt_root)\lib\wattcpw_imp.lib
 !else
 	@%append $^@ library ws2_32.lib
+	@%append $^@ library iphlpapi.lib
 !endif
 
 $(LIB_ARG): $(__MAKEFILES__)

deps/cares/Makefile.Watcom

@@ -96,6 +96,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_ac_append_to_file.m4 \
 	$(top_srcdir)/m4/ax_am_macros_static.m4 \
 	$(top_srcdir)/m4/ax_check_gnu_make.m4 \
 	$(top_srcdir)/m4/ax_code_coverage.m4 \
+	$(top_srcdir)/m4/ax_cxx_compile_stdcxx.m4 \
 	$(top_srcdir)/m4/ax_cxx_compile_stdcxx_11.m4 \
 	$(top_srcdir)/m4/ax_file_escapes.m4 \
 	$(top_srcdir)/m4/ax_require_defined.m4 \

deps/cares/Makefile.in

@@ -1,85 +1,57 @@
-c-ares version 1.18.1
+c-ares version 1.19.1
 
-This is an urgent bugfix release for a regression made in 1.18.0.
+This is a security and bugfix release.
 
-Bug fixes:
- o ares_getaddrinfo() would return ai_addrlen of 16 for ipv6
-   adddresses rather than the sizeof(struct sockaddr_in6)
-
-
-
-c-ares version 1.18.0
-
-This is a feature and bugfix release.  It addresses a couple of new feature
-requests as well as a couple of bug fixes.
+A special thanks goes out to the Open Source Technology Improvement Fund
+(https://ostif.org) for sponsoring a security audit of c-ares performed by X41
+(https://x41-dsec.de).
 
-Changes:
- o Add support for URI(Uniform Resource Identifier) records via
-   ares_parse_uri_reply() [1]
- o Provide ares_nameser.h as a public interface as needed by NodeJS [5]
- o Update URLs from c-ares.haxx.se to c-ares.org [9]
- o During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the
-   search process will continue to the next domain in the search.  [11]
- o Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they
-   followed very similar code paths and ares_gethostbyaddr() has some more
-   desirable features such as priority sorting and parallel queries for
-   AF_UNSPEC. [12]
- o ares_getaddrinfo() now contains a name element in the address info
-   structure as the last element.  This is not an API or ABI break due to
-   the structure always being internally allocated and it being the last
-   element. [12]
- o ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical, those
-   now use the same helper functions for parsing rather than having their own
-   code. [12]
- o RFC6761 Section 6.3 says "localhost" lookups need to be special cased to
-   return loopback addresses, and not forward queries to recursive dns servers.
-   On Windows this now returns all loopback addresses, on other systems it
-   returns 127.0.0.1 or ::1 always, and will never forward a request for
-   "localhost" to outside DNS servers. [13]
- o Haiki: port [14]
+Security:
+ o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12]
+ o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
+   query IDs [13]
+ o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14]
+ o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
+   compilation [15]
 
 Bug fixes:
- o add build to .gitignore [2]
- o z/OS minor update, add missing semicolon in ares_init.c [3]
- o Fix building when latest ax_code_coverage.m4 is imported [4]
- o Work around autotools 'error: too many loops' and other newer autotools
-   import related bugs.
- o MinGW cross builds need advapi32 link as lower case [6]
- o Cygwin build fix due to containing both socket.h and winsock2.h [7]
- o ares_expand_name should allow underscores (_) as SRV records legitimately use
-   them [8]
- o Allow '/' as a valid character for a returned name for CNAME in-addr.arpa
-   delegation [10]
- o ares_getaddrinfo() was not honoring HOSTALIASES [12]
- o ares_getaddrinfo() had some test cases disabled due to a bug in the test
-   framework itself which has now been resolved [12]
- o Due to Travis-CI becoming unfriendly to open-source, Cirrus-CI has now been
-   brought online for automated unit testing.
+ o Fix uninitialized memory warning in test [1]
+ o Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses [2]
+ o ares_getaddrinfo() should allow a port of 0 [3]
+ o Fix memory leak in ares_send() on error [4]
+ o Fix comment style in ares_data.h [5]
+ o Remove unneeded ifdef for Windows [6]
+ o Fix typo in ares_init_options.3 [7]
+ o Re-add support for Watcom compiler [8]
+ o Sync ax_pthread.m4 with upstream [9]
+ o Windows: Invalid stack variable used out of scope for HOSTS path [10]
+ o Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support [11]
 
 Thanks go to these friendly people for their efforts and contributions:
-  Biswapriyo Nath (@Biswa96)
   Brad House (@bradh352)
-  Daniel Bevenius (@danbev)
+  @Chilledheart
   Daniel Stenberg (@bagder)
-  Dhrumil Rana (@dhrumilrana)
-  Felix Yan (@felixonmars)
-  Jérôme Duval (@korli)
-  Martin Holeš (@martin-256)
-  Sinan Kaya
+  Douglas R. Reno (@renodr)
+  Gregor Jasny (@gjasny)
+  Jay Freeman (@saurik)
+  @lifenjoiner
+  Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
+  Yijie Ma (@yijiem)
 (9 contributors)
 
 References to bug reports and discussions on issues:
- [1] = https://github.com/c-ares/c-ares/pull/411
- [2] = https://github.com/c-ares/c-ares/pull/410
- [3] = https://github.com/c-ares/c-ares/pull/414
- [4] = https://github.com/c-ares/c-ares/pull/418
- [5] = https://github.com/c-ares/c-ares/pull/417
- [6] = https://github.com/c-ares/c-ares/pull/420
- [7] = https://github.com/c-ares/c-ares/pull/422
- [8] = https://github.com/c-ares/c-ares/issues/424
- [9] = https://github.com/c-ares/c-ares/issues/423
- [10] = https://github.com/c-ares/c-ares/issues/427
- [11] = https://github.com/c-ares/c-ares/issues/426
- [12] = https://github.com/c-ares/c-ares/pull/428
- [13] = https://github.com/c-ares/c-ares/pull/430
- [14] = https://github.com/c-ares/c-ares/pull/431
+ [1] = https://github.com/c-ares/c-ares/pull/515
+ [2] = https://github.com/c-ares/c-ares/pull/520
+ [3] = https://github.com/c-ares/c-ares/issues/517
+ [4] = https://github.com/c-ares/c-ares/pull/511
+ [5] = https://github.com/c-ares/c-ares/pull/513
+ [6] = https://github.com/c-ares/c-ares/pull/512
+ [7] = https://github.com/c-ares/c-ares/pull/510
+ [8] = https://github.com/c-ares/c-ares/pull/509
+ [9] = https://github.com/c-ares/c-ares/pull/507
+ [10] = https://github.com/c-ares/c-ares/pull/502
+ [11] = https://github.com/c-ares/c-ares/pull/505
+ [12] = https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
+ [13] = https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
+ [14] = https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
+ [15] = https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4

deps/cares/RELEASE-NOTES

@@ -1190,6 +1190,7 @@ m4_include([m4/ax_add_am_macro_static.m4])
 m4_include([m4/ax_am_macros_static.m4])
 m4_include([m4/ax_check_gnu_make.m4])
 m4_include([m4/ax_code_coverage.m4])
+m4_include([m4/ax_cxx_compile_stdcxx.m4])
 m4_include([m4/ax_cxx_compile_stdcxx_11.m4])
 m4_include([m4/ax_file_escapes.m4])
 m4_include([m4/ax_require_defined.m4])

deps/cares/aclocal.m4

@@ -1,6 +1,6 @@
 
 # aminclude_static.am generated automatically by Autoconf
-# from AX_AM_MACROS_STATIC on Wed Oct 27 08:06:13 CEST 2021
+# from AX_AM_MACROS_STATIC on Mon May 22 14:23:05 CEST 2023
 
 
 # Code coverage