From: Ondřej Surý <ondrej@isc.org>
Date: Wed, 17 Jun 2020 12:28:23 +0000 (+0200)
Subject: Add CHANGES and release note for #1933
X-Git-Tag: v9.17.3~41^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f24d4b4764d6cb8665cf1ca8118ad7eef991eff;p=thirdparty%2Fbind9.git

Add CHANGES and release note for #1933
---

diff --git a/CHANGES b/CHANGES
index 4d69ed53720..1ef3b55bf85 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+5445.	[cleanup]	Disable and disallow static linking. [GL #1933]
+
 5444.	[bug]		'rndc dnstap -roll <value>' was not limiting the
 			number of saved files to <value>. [GL !3728]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 862929d49e5..8c6e86a3b98 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -29,7 +29,12 @@ New Features
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- None.
+- Disable and disallow static linking of BIND 9 binaries and libraries
+  as BIND 9 modules require ``dlopen()`` support and static linking also
+  prevents using security features like read-only relocations (RELRO) or
+  address space layout randomization (ASLR) which are important for
+  programs that interact with the network and process arbitrary user
+  input. [GL #1933]
 
 Bug Fixes
 ~~~~~~~~~