[CVE-2020-8616] [CVE-2020-8617] Merge 9.14.12 release branch

See merge request !3564

1388 confidential issue security v9 14

See merge request isc-private/bind9!152

from max-recursion-queries limits.

Add a system test that counts how many address fetches are made
for different numbers of NS records and checks that the number
are successfully limited.

1703 tsig verify failure security v9 14

See merge request isc-private/bind9!149

If there are more that 5 NS record for a zone only perform a
maximum of 4 address lookups for all the name servers.  This
limits the amount of remote lookup performed for server
addresses at each level for a given query.

Prepare release notes for BIND 9.14.12

See merge request !3496

Incorrect job in needs, gcc:asan -> clang:asan

See merge request !3463

(cherry picked from commit 0adf9562)

[v9_14] Fix "srcid" on Windows

See merge request !3372

Windows BIND releases produced by GitLab CI are built from Git
repositories, not from release tarballs, which means the "srcid" file is
not present in the top source directory when MSBuild is invoked.  This
causes the Git commit hash for such builds to be set to "unset_id".
Enable win32utils/Configure to try determining the commit hash for a
build by invoking Git on the build host if the "srcid" file is not
present (which is what its Unix counterpart does).

(cherry picked from commit 05e13e7c)

Merge branch '1574-confidential-issue-rebinding-protection-fail-in-forwarding-mode-v9_14' into 'v9_14'

Resolve "DNS rebinding protection is ineffective when BIND is configured as a forwarding DNS server"

See merge request !3344

This test asserts that option "deny-answer-aliases" works correctly
when forwarding requests.

As a matter of example, the behavior expected for a forwarder BIND
instance, having an option such as deny-answer-aliases { "domain"; }
is that when forwarding a request for *.anything-but-domain, it is
expected that it will return SERVFAIL if any answer received has a CNAME
for "*.domain".

BIND wasn't honoring option "deny-answer-aliases" when configured to
forward queries.

Before the fix it was possible for nameservers listed in "forwarders"
option to return CNAME answers pointing to unrelated domains of the
original query, which could be used as a vector for rebinding attacks.

The fix ensures that BIND apply filters even if configured as a forwarder
instance.

Fix new warnings reported by scan-build from LLVM/Clang 10 (v9.14) v2

See merge request !3297

These are mostly false positives, the clang-analyzer FAQ[1] specifies
why and how to fix it:

> The reason the analyzer often thinks that a pointer can be null is
> because the preceding code checked compared it against null. So if you
> are absolutely sure that it cannot be null, remove the preceding check
> and, preferably, add an assertion as well.

The 2 warnings reported are:

dnssec-cds.c:781:4: warning: Access to field 'base' results in a dereference of a null pointer (loaded from variable 'buf')
                        isc_buffer_availableregion(buf, &r);
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:996:36: note: expanded from macro 'isc_buffer_availableregion'
                                   ^
/builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:821:16: note: expanded from macro 'ISC__BUFFER_AVAILABLEREGION'
                (_r)->base = isc_buffer_used(_b);              \
                             ^~~~~~~~~~~~~~~~~~~
/builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:152:29: note: expanded from macro 'isc_buffer_used'
        ((void *)((unsigned char *)(b)->base + (b)->used)) /*d*/
                                   ^~~~~~~~~
1 warning generated.

--

./main.c:1254:9: warning: Access to field 'sctx' results in a dereference of a null pointer (loaded from variable 'named_g_server')
        sctx = named_g_server->sctx;
               ^~~~~~~~~~~~~~~~~~~~
1 warning generated.

References:
1. https://clang-analyzer.llvm.org/faq.html#null_pointer

The 1 warning reported is:

os.c:872:7: warning: Although the value stored to 'ptr' is used in the enclosing expression, the value is never actually read from 'ptr'
        if ((ptr = strtok_r(command, " \t", &last)) == NULL) {
             ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

[v9_14] Miscellaneous .gitlab-ci.yml cleanups

See merge request !3301

Some YAML anchors defined in .gitlab-ci.yml are not subsequently used.
Remove them to prevent confusion.

(cherry picked from commit 3d121ede)

compiledb is already included in the Docker image used by the cppcheck
job.  Do not attempt installing it again.

(cherry picked from commit 3d264dbe)

Most build/test job names already contain a "clang", "gcc", or "msvc"
prefix which indicates the compiler used for a given job.  Apply that
naming convention to all build/test job names.

(cherry picked from commit 0c898084)

Multiple YAML keys have identical values for both TSAN unit test job
definitions.  Extract these common keys to a YAML anchor and use it in
TSAN unit test job definitions to reduce code duplication.

(cherry picked from commit 84463f33)