Prereq: "3.4.26"
diff -ur --new-file /var/tmp/postfix-3.4.26/src/global/mail_version.h ./src/global/mail_version.h
--- /var/tmp/postfix-3.4.26/src/global/mail_version.h	2022-04-18 12:15:16.000000000 -0400
+++ ./src/global/mail_version.h	2022-10-07 17:04:37.000000000 -0400
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20220418"
-#define MAIL_VERSION_NUMBER	"3.4.26"
+#define MAIL_RELEASE_DATE	"20221007"
+#define MAIL_VERSION_NUMBER	"3.4.27"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -ur --new-file /var/tmp/postfix-3.4.26/HISTORY ./HISTORY
--- /var/tmp/postfix-3.4.26/HISTORY	2022-04-18 11:46:16.000000000 -0400
+++ ./HISTORY	2022-10-07 17:00:18.000000000 -0400
@@ -24798,3 +24798,23 @@
 	chroot jail. Problem reported by Jesper Dybdal. Files:
 	cleanup/cleanup.h, cleanup/cleanup_init.c,
 	cleanup/cleanup_milter.c, cleanup/cleanup_state.c.
+
+20220724
+
+	Workaround: in a TLS server disable Postfix's 1-element
+	internal session cache, to work around an OpenSSL 3.0
+	regression that broke TLS handshakes. It is rarely useful.
+	Report by Spil Oss, fix by Viktor Dukhovni. File:
+	tls/tls_server.c.
+
+20220905
+
+	Cleanup: Postfix 3.3.0 introduced an uninitialized
+	verify_append() request status in case of a null original
+	recipient address.  File: global/verify.c.
+
+20220906
+
+	Cleanup: Postfix 3.4.26 introduced a missing msg_panic()
+	argument (in code that never executes). File:
+	cleanup/cleanup_milter.c.
diff -ur --new-file /var/tmp/postfix-3.4.26/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c
--- /var/tmp/postfix-3.4.26/src/cleanup/cleanup_milter.c	2022-04-17 18:31:50.000000000 -0400
+++ ./src/cleanup/cleanup_milter.c	2022-10-07 15:21:32.000000000 -0400
@@ -527,7 +527,7 @@
 	msg_panic("%s: %s is empty", myname, VAR_MILT_HEAD_CHECKS);
 
     if (cleanup_milter_hbc_checks)
-	msg_panic("%s: cleanup_milter_hbc_checks is not null");
+	msg_panic("%s: cleanup_milter_hbc_checks is not null", myname);
     cleanup_milter_hbc_checks =
 	hbc_header_checks_create(VAR_MILT_HEAD_CHECKS, var_milt_head_checks,
 				 NO_MIME_HDR_NAME, NO_MIME_HDR_VALUE,
@@ -535,7 +535,7 @@
 				 &call_backs);
 
     if (cleanup_milter_hbc_reply)
-	msg_panic("%s: cleanup_milter_hbc_reply is not null");
+	msg_panic("%s: cleanup_milter_hbc_reply is not null", myname);
     cleanup_milter_hbc_reply = vstring_alloc(100);
 }
 
diff -ur --new-file /var/tmp/postfix-3.4.26/src/global/verify.c ./src/global/verify.c
--- /var/tmp/postfix-3.4.26/src/global/verify.c	2017-12-27 16:53:13.000000000 -0500
+++ ./src/global/verify.c	2022-10-07 15:22:06.000000000 -0400
@@ -108,6 +108,8 @@
 	if (recipient->orig_addr[0])
 	    req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat,
 					  my_dsn.reason);
+	else
+	    req_stat = VRFY_STAT_OK;
 	/* Two verify updates for one verify request! */
 	if (req_stat == VRFY_STAT_OK
 	    && strcmp(recipient->address, recipient->orig_addr) != 0)
diff -ur --new-file /var/tmp/postfix-3.4.26/src/tls/tls_server.c ./src/tls/tls_server.c
--- /var/tmp/postfix-3.4.26/src/tls/tls_server.c	2020-07-26 13:47:16.000000000 -0400
+++ ./src/tls/tls_server.c	2022-10-07 16:58:44.000000000 -0400
@@ -730,6 +730,7 @@
 				       sizeof(server_session_id_context));
 	SSL_CTX_set_session_cache_mode(server_ctx,
 				       SSL_SESS_CACHE_SERVER |
+				       SSL_SESS_CACHE_NO_INTERNAL |
 				       SSL_SESS_CACHE_NO_AUTO_CLEAR);
 	if (cachable) {
 	    app_ctx->cache_type = mystrdup(props->cache_type);