Note:
42.1 still had PostfixAdmin 2.93 aka 3.0 beta3. Therefore this update also
introduces some new features (sqlite backend option and a new config option - no
config changed needed in existing installations).

Backporting only the fix for CVE-2017-5930 would mean not to include some other
security improvements like CSRF protection for POST requests and several
bugfixes.

Proposed patchinfo text:

Security update for PostfixAdmin

Update PostfixAdmin from 2.93 (3.0 beta 3) to 3.0.2.

IMPORTANT: After installing this update, you need to run setup.php to
upgrade the database layout!

This fixes the following security issue:
- don't allow to delete protected aliases (CVE-2017-5930, boo#1024211)

Also, several non-security bugs were fixed and features added:
- add sqlite backend option
- add configurable smtp helo (CONF["smtp_client"])
- fix VacationHandler for PostgreSQL
- AliasHandler: restrict mailbox subquery to allowed and specified domains
to improve performance on setups with lots of mailboxes
- allow switching between dovecot:* password schemes while still accepting
passwords hashed using the previous dovecot:* scheme
- FetchmailHandler: use a valid date as default for 'date'
- fix date formatting in non-english languages when using PostgreSQL
- fix escaping in gen_show_status() (could be used to DOS list-virtual by
creating a mail address with special chars)
- add CSRF protection for POST requests
- list.tpl: base edit/editactive/delete links in list.tpl on $RAW_item to
avoid double escaping, and fix some corner cases
- fix db_quota_text() for postgresql (concat() vs. ||)
- change default date for 'created' and 'updated' columns from 0000-00-00
(which causes problems with MySQL strict mode) to 2000-01-01
- allow punicode even in TLDs
- update Smarty to 3.1.29
- add checks to login.php and cli to ensure database layout is up to date
- whitelist '-1' as valid value for postfixadmin-cli