Merge branch '1933-disable-static-linking' into 'main'

Disable and disallow static linking

Closes #1933

See merge request isc-projects/bind9!3697

CHANGES

@@ -1,3 +1,5 @@
+5445.	[cleanup]	Disable and disallow static linking. [GL #1933]
+
 5444.	[bug]		'rndc dnstap -roll <value>' was not limiting the
 			number of saved files to <value>. [GL !3728]
 

configure.ac

@@ -119,7 +119,10 @@ AX_POSIX_SHELL
 AC_PROG_MKDIR_P
 
 # Initialize libtool
-LT_INIT([dlopen])
+LT_INIT([disable-static dlopen pic-only])
+
+AS_IF([test $enable_static != "no"],
+      [AC_MSG_ERROR([Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)])])
 
 LT_CONFIG_LTDL_DIR([libltdl])
 LTDL_INIT([recursive])

doc/notes/notes-current.rst

@@ -29,7 +29,12 @@ New Features
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- None.
+- Disable and disallow static linking of BIND 9 binaries and libraries
+  as BIND 9 modules require ``dlopen()`` support and static linking also
+  prevents using security features like read-only relocations (RELRO) or
+  address space layout randomization (ASLR) which are important for
+  programs that interact with the network and process arbitrary user
+  input. [GL #1933]
 
 Bug Fixes
 ~~~~~~~~~