Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix

Conflicts:
	src/or/connection_or.c

2 files changed, 30 insertions, 0 deletions

diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
new file mode 100644
index 0000000000..1fefd7267e
--- /dev/null
+++ b/changes/issue-2011-10-19L
@@ -0,0 +1,21 @@
+  o Security fixes:
+
+    - Don't send TLS certificate chains on outgoing OR connections
+      from clients and bridges.  Previously, each client or bridge
+      would use a single cert chain for all outgoing OR connections
+      for up to 24 hours, which allowed any relay connected to by a
+      client or bridge to determine which entry guards it is using.
+      This is a potential user-tracing bug for *all* users; everyone
+      who uses Tor's client or hidden service functionality should
+      upgrade.  Fixes CVE-2011-2768.  Bugfix on FIXME; found by
+      frosty_un.
+
+    - Don't use any OR connection on which we have received a
+      CREATE_FAST cell to satisfy an EXTEND request.  Previously, we
+      would not consider whether a connection appears to be from a
+      client or bridge when deciding whether to use that connection to
+      satisfy an EXTEND request.  Mitigates CVE-2011-2768, by
+      preventing an attacker from determining whether an unpatched
+      client is connected to a patched relay.  Bugfix on FIXME; found
+      by frosty_un.
+
diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G
new file mode 100644
index 0000000000..45f86754f0
--- /dev/null
+++ b/changes/issue-2011-10-23G
@@ -0,0 +1,9 @@
+  o Security fixes:
+
+    - Reject CREATE and CREATE_FAST cells on outgoing OR connections
+      from a bridge to a relay.  Previously, we would accept them and
+      handle them normally, thereby allowing a malicious relay to
+      easily distinguish bridges which connect to it from clients.
+      Fixes CVE-2011-2769.  Bugfix on 0.2.0.3-alpha, when bridges were
+      implemented; found by frosty_un.
+