Fix socket timeout handling.

Fixes STARTTLS hangs reported by Thomas Jarosch.
author: Matthias Andree <matthias.andree@gmx.de> 2011-05-22 22:50:58 +0200
committer: Matthias Andree <matthias.andree@gmx.de> 2011-05-22 23:13:30 +0200
commit: 47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 (patch)
tree: ed317d21931ab58671af4fedee2af05f3ff7908f /NEWS
parent: f3b0aa05fd1a1912d9c5fad7ebbaa7dcec31e047 (diff)
download: fetchmail-47c05b10018f5ec7493e4bd9f521aaa18d96f1e2.tar.gz
fetchmail-47c05b10018f5ec7493e4bd9f521aaa18d96f1e2.tar.bz2
fetchmail-47c05b10018f5ec7493e4bd9f521aaa18d96f1e2.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index bcf2537b..4a4e0c39 100644
--- a/NEWS
+++ b/NEWS
@@ -58,6 +58,14 @@ removed from a 6.4.0 or newer release.)
 
 fetchmail-6.3.20 (not yet released):
 
+# SECURITY FIXES
+* Fetchmail's socket timeout handling was incomplete.  Network outages in the
+  wrong phase of a communication, combined with unlucky operating systems and
+  their defaults, could cause fetchmail to hang for extended amounts of time.
+  Freezes for beyond a week were reported by Thomas Jarosch. Fetchmail sets
+  UNIX- and Internet-domain socket send and receive timeouts now.
+  This fixes a hang during STARTTLS negotiation reported by Thomas Jarosch.
+
 # CHANGES
 * fetchmail now always uses its own MD5 implementation.  The library and header
   variants are too diverse, and we've been bitten before -- and configure
author	Matthias Andree <matthias.andree@gmx.de>	2011-05-22 22:50:58 +0200
committer	Matthias Andree <matthias.andree@gmx.de>	2011-05-22 23:13:30 +0200
commit	47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 (patch)
tree	ed317d21931ab58671af4fedee2af05f3ff7908f /NEWS
parent	f3b0aa05fd1a1912d9c5fad7ebbaa7dcec31e047 (diff)
download	fetchmail-47c05b10018f5ec7493e4bd9f521aaa18d96f1e2.tar.gz fetchmail-47c05b10018f5ec7493e4bd9f521aaa18d96f1e2.tar.bz2 fetchmail-47c05b10018f5ec7493e4bd9f521aaa18d96f1e2.zip