From: Roger Dingledine <arma@torproject.org>
Date: Wed, 26 Aug 2009 19:43:18 +0000 (-0400)
Subject: changelog and spec changes for the .exit fix
X-Git-Tag: tor-0.2.2.1-alpha~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b7e8a4631fecc3b3e241780bf1d735683562fd97;p=thirdparty%2Ftor.git

changelog and spec changes for the .exit fix
---

diff --git a/ChangeLog b/ChangeLog
index 0a85857c69..a3d76ca4ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,10 @@
 Changes in version 0.2.2.1-alpha - 2009-08-26
+  o Security fixes:
+    - Start the process of disabling ".exit" address notation, since it
+      can be used for a variety of esoteric application-level attacks
+      on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
+      on 0.0.9rc5.
+
   o New directory authorities:
     - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
       authority.
diff --git a/doc/spec/address-spec.txt b/doc/spec/address-spec.txt
index fdae9b82a4..2e1aff2b8a 100644
--- a/doc/spec/address-spec.txt
+++ b/doc/spec/address-spec.txt
@@ -33,10 +33,13 @@
   "www.google.com.foo.exit=64.233.161.99.foo.exit" to speed subsequent
   lookups.
 
+  The .exit notation is disabled by default as of Tor 0.2.2.1-alpha, due
+  to potential application-level attacks.
+
   EXAMPLES:
      www.example.com.exampletornode.exit
 
-        Connect to www.example.com from the node called "exampletornode."
+        Connect to www.example.com from the node called "exampletornode".
 
      exampletornode.exit