[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.4.7.html]
Fixed in Postfix 3.4:
Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS connection reuse.
Fixed in all supported stable releases:
Workaround: OpenSSL changed an SSL_shutdown() non-error result value into an error result value, causing logfile noise.
Configuration: the new 'TLS fast shutdown' parameter name was implemented incorrectly. The documentation said "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". This was fixed by changing the code, because no-one is expected to override the default.
Performance: workaround for poor TCP loopback performance on Linux, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximum segment size that is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix chooses a VSTREAM buffer size that is a small multiple of the reported bogus MSS. This workaround increases the multiplier from 2x to 4x.
Robustness: the Postfix Dovecot client could segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The Postfix Dovecot client now logs a proper error instead. Problem reported by Tim Düsterhus.
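The TCP loopback MSS workaround described above, as an added example in C that is not Postfix source code: it queries TCP_MAXSEG on a loopback connection and sizes a stream buffer at 2x and 4x the reported value. The function names and the 4096-byte fallback are assumptions; the worst case uses the announcement's figure of a reported MSS that is 1/3 of the real one.

```c
/* Added example, not Postfix source; all function names are hypothetical. */
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>

/* MSS the kernel reports for a TCP socket, or -1 if the query fails. */
int reported_mss(int fd)
{
    int mss = 0;
    socklen_t len = sizeof(mss);
    if (getsockopt(fd, IPPROTO_TCP, TCP_MAXSEG, &mss, &len) < 0 || mss <= 0)
        return -1;
    return mss;
}

/* Stream buffer size: a small multiple of the reported MSS, else fallback. */
long stream_bufsize(int mss, int multiplier, long fallback)
{
    return mss > 0 ? (long) mss * multiplier : fallback;
}

/* Nonzero when one full buffer flush covers at least one real segment. */
int fills_segment(int reported, int real, int multiplier)
{
    return stream_bufsize(reported, multiplier, 0) >= real;
}

int main(void)
{
    struct sockaddr_in sa = { 0 };
    socklen_t len = sizeof(sa);
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    /* Throwaway listener on 127.0.0.1 with a kernel-chosen port. */
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(srv, (struct sockaddr *) &sa, sizeof(sa)) < 0 || listen(srv, 1) < 0
        || getsockname(srv, (struct sockaddr *) &sa, &len) < 0
        || connect(cli, (struct sockaddr *) &sa, sizeof(sa)) < 0)
        perror("loopback setup");
    int mss = reported_mss(cli);
    printf("reported MSS %d: 2x = %ld bytes, 4x = %ld bytes\n", mss,
           stream_bufsize(mss, 2, 4096), stream_bufsize(mss, 4, 4096));
    printf("if real MSS is 3x reported: 2x fills a segment: %d, 4x: %d\n",
           fills_segment(mss, 3 * mss, 2), fills_segment(mss, 3 * mss, 4));
    close(cli);
    close(srv);
    return 0;
}
```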
Fixed in Postfix 3.1, 3.2, 3.3:
Robustness: null pointer read while logging a warning after a postscreen_command_filter read error. This was already fixed in Postfix 3.4 and later.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.