Update to Dovecot 1.0.13.

Note that the changes for the security hole fix were quite large. I tested with
several auth configurations myself and they seemed to work, but it's possible I
left a bug somewhere in there breaking someone's configuration. So make sure to
test that it works after upgrading.

Of course it would be really nice if Dovecot had a proper test suite where
testing all configurations could be automated and run before each release. I've
already started this with my imaptest tool (http://imapwiki.org/ImapTest), but
it only does IMAP tests and a lot of things are still missing. Some help would
be nice here.

	* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
	  and shadow if blocking=yes) where user could specify extra fields
	  in the password. The main problem here is when specifying
	  "skip_password_check" introduced in v1.0.11 for fixing master user
	  logins, allowing the user to log in as anyone without a valid
	  password.

	- mail_privileged_group was broken in some systems (OS X, Solaris?)
	- IMAP THREAD: Fixed some correctness problems

1 files changed, 2 insertions, 2 deletions

diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile
index 173d229e799..6ea278bd846 100644
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.114 2008/03/05 08:23:37 ghen Exp $
+# $NetBSD: Makefile,v 1.115 2008/03/09 11:58:17 ghen Exp $
 
-DISTNAME=		dovecot-1.0.12
+DISTNAME=		dovecot-1.0.13
 CATEGORIES=		mail
 MASTER_SITES=		http://www.dovecot.org/releases/1.0/