From: Evan Hunt <each@isc.org>
Date: Sun, 23 Jun 2019 03:41:43 +0000 (-0700)
Subject: CHANGES, release note, README
X-Git-Tag: v9.11.9~7^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc92ebf6f7f4c9f6a7f22208b38b59e1fa45a44d;p=thirdparty%2Fbind9.git

CHANGES, release note, README

(cherry picked from commit 8854e284fd056349f7c2a748baa7990c5ccddb59)
(cherry picked from commit 24103171ca2ac77dd2c2189edeb0eaedfcc71be6)
---

diff --git a/CHANGES b/CHANGES
index 0720ac7770b..519edb62085 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,16 @@
 5260.	[bug]		dnstap-read was producing malformed output for large
 			packets. [GL #1093]
 
+5258.	[func]		Added support for the GeoIP2 API from MaxMind,
+			when BIND is compiled using "configure --with-geoip2".
+			The legacy GeoIP API can be enabled by using
+			"configure --with-geoip" instead. These options
+			cannot be used together.
+
+			Certain geoip ACL settings that were available with
+			legacy GeoIP are not available when using GeoIP2.
+			See the ARM for details. [GL #182]
+
 5257.	[bug]		Some statistics data was not being displayed.
 			Add shading to the zone tables. [GL #1030]
 
diff --git a/README b/README
index e3dd9c60c35..065ae7af7ef 100644
--- a/README
+++ b/README
@@ -251,9 +251,9 @@ disclosed in CVE-2017-3145.
 BIND 9.11.4
 
 BIND 9.11.4 is a maintenance release, and addresses the security flaw
-disclosed in CVE-2018-5738. It also introduces "root key sentinel" support,
-enabling validating resolvers to indicate via a special query which trust
-anchors are configured for the root zone.
+disclosed in CVE-2018-5738. It also introduces "root key sentinel"
+support, enabling validating resolvers to indicate via a special query
+which trust anchors are configured for the root zone.
 
 BIND 9.11.5
 
@@ -267,7 +267,7 @@ correcting faulty documentation and introducing the following new feature:
 BIND 9.11.6
 
 BIND 9.11.6 is a maintenance release, and also addresses the security
-flaws disclosed in CVE-2018-5744, CVE-2018-5745, CVE-2018-5744, and
+flaws disclosed in CVE-2018-5743, CVE-2018-5745, CVE-2018-5744, and
 CVE-2019-6465.
 
 BIND 9.11.7
@@ -280,6 +280,11 @@ BIND 9.11.8
 BIND 9.11.8 is a maintenance release, and also addresses the security flaw
 disclosed in CVE-2019-6471.
 
+BIND 9.11.9
+
+BIND 9.11.9 is a maintenance release, and also adds support for the new
+MaxMind GeoIP2 geolocation API when built with configure --with-geoip2.
+
 Building BIND
 
 BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
@@ -302,7 +307,7 @@ make depend. If you're using Emacs, you might find make tags helpful.
 Several environment variables that can be set before running configure
 will affect compilation:
 
-   Variable                            Description
+Variable       Description
 CC             The C compiler to use. configure tries to figure out the
                right one for supported systems.
                C compiler flags. Defaults to include -g and/or -O2 as
@@ -464,7 +469,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
 changes listed first. Change notes include tags indicating the category of
 the change that was made; these categories are:
 
-   Category                            Description
+Category       Description
 [func]         New feature
 [bug]          General bug fix
 [security]     Fix for a significant security flaw
@@ -499,8 +504,8 @@ issue number. Prior to 2018, these were usually of the form [RT #NNN] and
 referred to entries in the "bind9-bugs" RT database, which was not open to
 the public. More recent entries use the form [GL #NNN] or, less often, [GL
 !NNN], which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publicly readable, unless they
-include information which is confidential or security senstive.
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
 
 To look up a Gitlab issue by its number, use the URL https://
 gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
@@ -515,23 +520,21 @@ Acknowledgments
   * The original development of BIND 9 was underwritten by the following
     organizations:
 
-      Sun Microsystems, Inc.
-      Hewlett Packard
-      Compaq Computer Corporation
-      IBM
-      Process Software Corporation
-      Silicon Graphics, Inc.
-      Network Associates, Inc.
-      U.S. Defense Information Systems Agency
-      USENIX Association
-      Stichting NLnet - NLnet Foundation
-      Nominum, Inc.
+    Sun Microsystems, Inc.
+    Hewlett Packard
+    Compaq Computer Corporation
+    IBM
+    Process Software Corporation
+    Silicon Graphics, Inc.
+    Network Associates, Inc.
+    U.S. Defense Information Systems Agency
+    USENIX Association
+    Stichting NLnet - NLnet Foundation
+    Nominum, Inc.
 
   * This product includes software developed by the OpenSSL Project for
     use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-
   * This product includes cryptographic software written by Eric Young
     (eay@cryptsoft.com)
-
   * This product includes software written by Tim Hudson
     (tjh@cryptsoft.com)
diff --git a/README.md b/README.md
index 448ba576bfa..ddc6dc2a1b2 100644
--- a/README.md
+++ b/README.md
@@ -295,6 +295,12 @@ flaw disclosed in CVE-2018-5743.
 BIND 9.11.8 is a maintenance release, and also addresses the security
 flaw disclosed in CVE-2019-6471.
 
+#### BIND 9.11.9
+
+BIND 9.11.9 is a maintenance release, and also adds support for
+the new MaxMind GeoIP2 geolocation API when built with
+`configure --with-geoip2`.
+
 ### <a name="build"/> Building BIND
 
 BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 0b4400c2fb4..23d2710f68d 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -81,6 +81,40 @@
     </itemizedlist>
   </section>
 
+  <section xml:id="relnotes_features"><info><title>New Features</title></info>
+    <itemizedlist>
+      <listitem>
+	<para>
+	  The new GeoIP2 API from MaxMind is now supported when BIND
+	  is compiled using <command>configure --with-geoip2</command>.
+	  The legacy GeoIP API can be used by compiling with
+	  <command>configure --with-geoip</command> instead.  (Note that
+	  the databases for the legacy API are no longer maintained by
+	  MaxMind.)
+	</para>
+	<para>
+	  The default path to the GeoIP2 databases will be set based
+	  on the location of the <command>libmaxminddb</command> library;
+	  for example, if it is in <filename>/usr/local/lib</filename>,
+	  then the default path will be
+	  <filename>/usr/local/share/GeoIP</filename>.
+	  This value can be overridden in <filename>named.conf</filename>
+	  using the <command>geoip-directory</command> option.
+	</para>
+	<para>
+	  Some <command>geoip</command> ACL settings that were available with
+	  legacy GeoIP, including searches for <command>netspeed</command>,
+	  <command>org</command>, and three-letter ISO country codes, will
+	  no longer work when using GeoIP2. Supported GeoIP2 database
+	  types are <command>country</command>, <command>city</command>,
+	  <command>domain</command>, <command>isp</command>, and
+	  <command>as</command>. All of the databases support both IPv4
+	  and IPv6 lookups. [GL #182]
+	</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
   <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
     <itemizedlist>
       <listitem>