2019-12-09 15:20:57 by Takahiro Kambe | Files touched by this commit (25) |
Log message:
Bump PKGREVISION by changing of default PHP version.
|
2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) |
Log message:
Bump PKGREVISIONs for perl 5.30.0
|
2019-07-24 05:49:35 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
mail/squirrelmail: update to 1.4.23pre14832
Update squirrelmail to 1.4.23pre14832.
- Changed anti-CSRF security token lifetime to be session-based.
- Added favicon and ability for admins to use their own by setting
$head_tag_extra in config_local.php (see documented comments in,
for example, src/webmail.php)
- Altered hook types "do_hook_function" and "concat_hook_function"
such that the ultimate hook return value (in its current state,
as computed (or not) by the plugins that have executed previously)
is both globalized and passed as an additional argument to each
plugin. This allows plugins to cooperate better and not overwrite
each other's return values.
- Updated SVG handling, closing several related vulnerabilities
(#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
[CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
- Added IMAP ID command (RFC2971), sent after every login - use
by setting $imap_id_command_args in config/config_local.php
(see notes in functions/imap_general.php for more details)
- Fixed PHP7 warnings (#2847)
- Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
[CVE-2019-12970]
|
2019-05-23 21:23:24 by Roland Illig | Files touched by this commit (242) |
Log message:
all: replace SUBST_SED with the simpler SUBST_VARS
pkglint -Wall -r --only "substitution command" -F
With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
|
2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558) |
Log message:
Recursive bump for perl5-5.28.0
|
2018-04-30 09:56:55 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
mail/squirrelmail: update to 1.4.23pre14764
Fix CVE-2018-8741 and more.
- Added ability (and user preference) to return to message list
after moving a message
- Search enhancement: Added ability to search in more than one
header without having to search the body
- Add ability for saved drafts to indicate if they are a reply and
if so, to which message, and mark that message as replied when
the draft is finally sent
- Added option to allow returning to the message one had been
replying to after sending
- Sanitize user-supplied attachment filenames (thanks to Florian
Grunow for reporting this issue) [CVE-2018-8741]
- Allow users who cannot edit their email address but who have
multiple identities to edit all their identities
|
2017-06-21 17:07:03 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
Update squirrelmail to 1.4.23pre14688.
Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.
- compose_send hook now has $draft flag in hook arguments
- Fixed insufficient sendmail command argument escaping (thanks
to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
Cavallarin for bringing this to our attention). [CVE-2017-7692]
- Upgraded preferences for the delete_move_next plugin. Automatic
user preference updates are included, but note that if your
installation is new, or all user prefs have been converted from
"on"/"off" to 0/1 then you can add the following to SquirrelMail's
config/config_local.php to avoid converting legacy values over and over:
$do_not_convert_delete_move_next_legacy_preferences = TRUE;
- Added ability to control the display of the "Check Spelling"
button provided by the squirrelspell plugin, which allows
administrators to offer this plugin but keep it out of the way
for users who do not want it. Put sqspell_show_button=0 in
default preferences if it should be hidden by default
|
2017-04-19 19:10:18 by Maya Rashish | Files touched by this commit (3) |
Log message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html
patch from Filippo Cavallarin@wearesegment, who also found the vulnerability.
bump PKGREVISION
|
2016-11-17 16:10:07 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update squirrelmail to 1.4.23pre14605, latest snapshot.
PHP 7.0 support should be improved, too.
- Added new "smtp_helo_override" hook; allows plugins to override
the HELO host sent to the SMTP server when sending messages
- Added STARTTLS support for both IMAP and SMTP connections
- Added PDO support for database connections, so no external
database module needs to be installed
|
2016-09-30 16:21:23 by Emmanuel Dreyfus | Files touched by this commit (3) |
Log message:
Remove patch on a locally installed file that did not belong to the distribution
|