From 24103171ca2ac77dd2c2189edeb0eaedfcc71be6 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Sat, 22 Jun 2019 20:41:43 -0700
Subject: [PATCH] CHANGES, release note, README

(cherry picked from commit 8854e284fd056349f7c2a748baa7990c5ccddb59)
---
 CHANGES           | 10 ++++++++++
 README            | 33 ++++++++++++++++++---------------
 README.md         |  6 ++++++
 doc/arm/notes.xml | 29 +++++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 15 deletions(-)

diff --git a/CHANGES b/CHANGES
index 42a051f3f5..83db35a829 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,13 @@
+5258.	[func]		Added support for the GeoIP2 API from MaxMind,
+			when BIND is compiled using "configure --with-geoip2".
+			The legacy GeoIP API can be enabled by using
+			"configure --with-geoip" instead. These options
+			cannot be used together.
+
+			Certain geoip ACL settings that were available with
+			legacy GeoIP are not available when using GeoIP2.
+			See the ARM for details. [GL #182]
+
 5257.	[bug]		Some statistics data was not being displayed.
 			Add shading to the zone tables. [GL #1030]
 
diff --git a/README b/README
index 7796a709a4..eeffb97d95 100644
--- a/README
+++ b/README
@@ -159,6 +159,11 @@ BIND 9.14.3
 BIND 9.14.3 is a maintenance release, and addresses the security
 vulnerability disclosed in CVE-2019-6471.
 
+BIND 9.14.4
+
+BIND 9.14.4 is a maintenance release, and also adds support for the new
+MaxMind GeoIP2 geolocation API when built with configure --with-geoip2.
+
 Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
@@ -188,7 +193,7 @@ make depend. If you're using Emacs, you might find make tags helpful.
 Several environment variables that can be set before running configure
 will affect compilation:
 
-   Variable                            Description
+Variable       Description
 CC             The C compiler to use. configure tries to figure out the
                right one for supported systems.
                C compiler flags. Defaults to include -g and/or -O2 as
@@ -340,7 +345,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
 changes listed first. Change notes include tags indicating the category of
 the change that was made; these categories are:
 
-   Category                            Description
+Category       Description
 [func]         New feature
 [bug]          General bug fix
 [security]     Fix for a significant security flaw
@@ -391,23 +396,21 @@ Acknowledgments
   * The original development of BIND 9 was underwritten by the following
     organizations:
 
-      Sun Microsystems, Inc.
-      Hewlett Packard
-      Compaq Computer Corporation
-      IBM
-      Process Software Corporation
-      Silicon Graphics, Inc.
-      Network Associates, Inc.
-      U.S. Defense Information Systems Agency
-      USENIX Association
-      Stichting NLnet - NLnet Foundation
-      Nominum, Inc.
+    Sun Microsystems, Inc.
+    Hewlett Packard
+    Compaq Computer Corporation
+    IBM
+    Process Software Corporation
+    Silicon Graphics, Inc.
+    Network Associates, Inc.
+    U.S. Defense Information Systems Agency
+    USENIX Association
+    Stichting NLnet - NLnet Foundation
+    Nominum, Inc.
 
   * This product includes software developed by the OpenSSL Project for
     use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-
   * This product includes cryptographic software written by Eric Young
     (eay@cryptsoft.com)
-
   * This product includes software written by Tim Hudson
     (tjh@cryptsoft.com)
diff --git a/README.md b/README.md
index 633fc4546d..cb4177caaa 100644
--- a/README.md
+++ b/README.md
@@ -174,6 +174,12 @@ BIND 9.14.2 is a maintenance release.
 BIND 9.14.3 is a maintenance release, and addresses the security
 vulnerability disclosed in CVE-2019-6471.
 
+#### BIND 9.14.4
+
+BIND 9.14.4 is a maintenance release, and also adds support for
+the new MaxMind GeoIP2 geolocation API when built with
+`configure --with-geoip2`.
+
 ### <a name="build"/> Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 924356ee92..03653ec363 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -99,6 +99,35 @@
 
   <section xml:id="relnotes_features"><info><title>New Features</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  The new GeoIP2 API from MaxMind is now supported when BIND
+	  is compiled using <command>configure --with-geoip2</command>.
+	  The legacy GeoIP API can be used by compiling with
+	  <command>configure --with-geoip</command> instead.  (Note that
+	  the databases for the legacy API are no longer maintained by
+	  MaxMind.)
+	</para>
+	<para>
+	  The default path to the GeoIP2 databases will be set based
+	  on the location of the <command>libmaxminddb</command> library;
+	  for example, if it is in <filename>/usr/local/lib</filename>,
+	  then the default path will be
+	  <filename>/usr/local/share/GeoIP</filename>.
+	  This value can be overridden in <filename>named.conf</filename>
+	  using the <command>geoip-directory</command> option.
+	</para>
+	<para>
+	  Some <command>geoip</command> ACL settings that were available with
+	  legacy GeoIP, including searches for <command>netspeed</command>,
+	  <command>org</command>, and three-letter ISO country codes, will
+	  no longer work when using GeoIP2. Supported GeoIP2 database
+	  types are <command>country</command>, <command>city</command>,
+	  <command>domain</command>, <command>isp</command>, and
+	  <command>as</command>. All of the databases support both IPv4
+	  and IPv6 lookups. [GL #182]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  Two new metrics have been added to the