From 47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sun, 22 May 2011 22:50:58 +0200
Subject: Fix socket timeout handling.

Fixes STARTTLS hangs reported by Thomas Jarosch.
---
 NEWS | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index bcf2537b..4a4e0c39 100644
--- a/NEWS
+++ b/NEWS
@@ -58,6 +58,14 @@ removed from a 6.4.0 or newer release.)
 
 fetchmail-6.3.20 (not yet released):
 
+# SECURITY FIXES
+* Fetchmail's socket timeout handling was incomplete.  Network outages in the
+  wrong phase of a communication, combined with unlucky operating systems and
+  their defaults, could cause fetchmail to hang for extended amounts of time.
+  Freezes for beyond a week were reported by Thomas Jarosch. Fetchmail sets
+  UNIX- and Internet-domain socket send and receive timeouts now.
+  This fixes a hang during STARTTLS negotiation reported by Thomas Jarosch.
+
 # CHANGES
 * fetchmail now always uses its own MD5 implementation.  The library and header
   variants are too diverse, and we've been bitten before -- and configure
-- 
cgit v1.2.3