Log message:
haproxy: updated to 3.4.0

3.4.0
- BUG/MINOR: tcpcheck: Check LDAP response to not read more data than available
- BUG/MINOR: ssl-gencert: validate SNI characters to prevent SAN certificate \ 
injection
- BUG/MINOR: mux-h1: H2 preface rejection doesn't update stick-table glitches
- BUG/MEDIUM: cpu-topo: Enforce thread-hard-limit on policy
- BUG/MEDIUM: qmux: do not crash on too large record
- BUG/MEDIUM: qmux: do not crash on receiving an invalid first frame
- BUG/MINOR: qmux: reject too large initial record
- Revert "BUG/MEDIUM: dns: fix long loops in additional records parse on \ 
name failure"
- BUG/MINOR: qpack: Fix index calculation in debug functions
- BUG/MINOR: qpack: fix potential null-pointer dereference in qpack_dht_insert()
- CLEANUP: qpack: fix copy-paste typo in value Huffman debug string
- BUG/MINOR: qpack: fix sign bit mask in qpack_decode_fs_pfx()
- CLEANUP: qpack: fix copy-paste typo in value Huffman debug string for WLN
- BUG/MINOR: qpack: fix huff_dec() error handling in qpack_decode_fs()
- CLEANUP: qpack: move encoded macros to qpack-t.h to avoid duplication
- BUG/MEDIUM: quic: handle ECONNREFUSED on RX side
- BUG/MINOR: quic: Fix memory leak in quic_deallocate_dghdlrs()
- BUG/MEDIUM: lua: defer Lua VM initialisation to the first Lua config keyword
- REGTESTS: lua: fix tune.lua.openlibs in Lua reg-tests
- BUG/MINOR: mux-h2: Count padding for connection flow control on error path
- BUILD: addons: convert 51d addon to EXTRA_MAKE
- BUILD: addons: convert deviceatlas addon to EXTRA_MAKE
- BUILD: addons: convert WURFL addon to EXTRA_MAKE
- MINOR: mux_quic/flags: add missing flags
- BUG/MINOR: mux_quic: open an idle QCS on reset on BE side
- BUG/MINOR: mux_quic: fix BE conn removal on app shutdown
- BUG/MINOR: mux_quic: prevent BE reuse with an errored conn
- BUG/MINOR: quic: fix ack range node pool_free call passing wrong pointer type
- MEDIUM: quic: optimize HKDF operations by reusing per-thread contexts
- BUG/MEDIUM: quic: reset cwnd in slow_start on persistent congestion (cubic)
- BUG/MEDIUM: quic: reset consecutive_losses on exit from recovery period (cubic)
- BUG/MINOR: quic: update drs->lost before calling on_ack_recv
- Revert "MEDIUM: quic: optimize HKDF operations by reusing per-thread \ 
contexts"
- BUG/MEDIUM: lua: register hlua_init() as a pre-check to fix crash without Lua \ 
config
- REGTESTS: quic: disable quic/ocsp_auto_update for now
- BUG/MINOR: threads: set at least grp_max when mtpg is too small
- BUG/MEDIUM: threads: ignore max-threads-per-group when thread-groups is set
- CLEANUP: thread: indicate when max-threads-per-group is ignored
- MINOR: cpu-topo: notify when cpu-policy is ignored due to other settings
- MINOR: thread: report when thread-groups or nbthread results in less threads
- BUILD: makefile: include EXTRA_MAKE in the .build_opts construction
- BUG/MINOR: quic: Fix another buffer overflow with sockaddr_in46
- MINOR: quic: Copy sin6_flowinfo and sin6_scope_id too
- BUILD: Makefile: put EXTRA_MAKE help at the right place
- BUG/MINOR: cache: fix cache tree iteration
- BUG/MEDIUM: resolvers: Wait a bit before calling the xprt prepare_srv
- CLEANUP: addons/51degrees: initialize variables
- MINOR: addons/51degrees: handle memory allocation failures
- CLEANUP: ncbmbuf: improve handling of memory allocation errors in unit tests
- CLEANUP: admin/halog: improve handling of memory allocation errors
- DOC: internals: clarify ambiguous wording in core-principles
- DOC: internals: add a threat model definition
- DOC: add security.txt describing how to report security issues
- DOC: security: also add a note to exclude dev/ and admin/
- BUG/MEDIUM: qmux: Close connection on invalid frame
- CLEANUP: fix comment typo
- BUG/MEDIUM: h3: fix MAX_PUSH_ID handling
- BUG/MINOR: cache: Fix copy of value when parsing maxage
- BUG/MEDIUM: mux-h1: Dup connection/upgrade value to parse it when making headers
- BUG/MEDIUM: htx: Fix headers rollback on partial copy in htx_xfer()
- MINOR: deinit: release the in-memory copy of shared libs
- MINOR: debug: add -dA to dump an archive of all dependencies
- BUG/MEDIUM: ssl: Make sure the alpn length is small enough
- BUG/MINOR: applet: Commit changes into input buffer after sending HTX data
- BUG/MINOR: mux-spop: Fix possible off-by-one OOB read in spop_get_varint()
- BUG/MEDIUM: leastconn: Unlock the write lock on allocation failure
- BUG/MINOR: tasks: Increase the right niced_task counter
- BUILD: makefile: search for Lua 5.5 as well
- DEV: dev/gdb: improve ebtree pointer handling
- DEV: dev/gdb: add simple task dump
- DEV: dev/gdb: add simple thread dump
- DEV: dev/gdb: add fdtab dump
- DOC: config: add a few more explanation in http-reusee regarding sni-auto
- REGTESTS: add basic QMux tests
- BUG/MINOR: http-act: Properly handle final evaluation in pause action
- BUILD: makefile/lua: use the system's default library before all other variants
- BUG/MINOR: startup: unbreak chroot with CAP_SYS_CHROOT
- BUG/MINOR: haterm: do not try to bind QUIC when not supported
- BUG/MINOR: haterm: also apply the tcp-bind-opts to clear TCP "bind" lines
- CLEANUP: haterm: do not try to bind to SSL when not built in
- MINOR: haterm: enable ktls on the SSL bind line when supported
- CI: github: replace cirrus by a vmactions/freebsd-vm job
- BUILD: makefile: fix build error with GNU make 4.2.1 and /bin/dash
- BUG/MEDIUM: channel: Fix condition to know if a channel may send
- BUG/MEDIUM: vars: Properly eval set-var-fmt action for emtpy log-format string
- CI: github: run illumos job weekly on Mondays at 03:00 instead of monthly
- BUG/MEDIUM: stream: Don't use small buffer on queuing with a request data filter
- BUG/MINOR: jwe: don't write randoms past MAX_DECRYPTED_CEK_LEN in RSA_PKCS1_PADDING
- BUG/MEDIUM: chunk: do not rely on small trash by default for expressions
- CLEANUP: map: always test pat->ref in sample_conv_map_key()
- DEV: patchbot: prepare for new version 3.5-dev
- MINOR: version: mention that it's 3.4 LTS now.

Log message:
haproxy: support for USE_REGPARM was removed, remove it from Makefile

Log message:
haproxy: updated to 3.3.10

3.3.10
- BUG/MINOR: ssl: Use the sequence number with kTLS and TLS 1.2
- BUG/MINOR: mux_quic: fix max stream ID reuse estimation
- BUG/MEDIUM: mux-h2: Properly consume padding for DATA frames
- Revert "BUG/MEDIUM: cli: fix master CLI connection slot leak on client \ 
disconnect"
- Revert "BUG/MINOR: mux-h2: condition the processing of 8441 extension to \ 
global setting"
- BUG/MEDIUM: mux-h2: fix the detection of the ext connect support
- BUG/MEDIUM: stick-table: properly check permissions on CLI's set/clear cmd
- BUG/MEDIUM: mux_quic: adjust qcc_is_dead() to account detached streams
- BUG/MINOR: mux_quic: refresh timeout only if I/O performed
- BUG/MEDIUM: servers: Only requeue servers if they are up
- BUG/MINOR: cfgparse-listen: do not emit extraneous line in rule order warnings
- BUG/MEDIUM: tasks: Keep the TASK_RUNNING flag until queued

Log message:
haproxy: updated to 3.3.9

3.3.9
- BUG/MINOR: sink: do not free existing sinks on allocation error
- BUG/MINOR: vars: make parse_store() return error on var_set() failure
- BUG/MINOR: vars: don't store the variable twice with set-var-fmt
- BUG/MINOR: vars: only print first invalid char in fill_desc()
- BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
- BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
- BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
- BUG/MINOR: map: do not leak a map descriptor on load error
- CLEANUP: map/cli: fix some map-related help messages
- BUG/MINOR: pattern: release the reference on failure to load from file
- CI: github: add DEBUG_STRICT=2 to ASAN jobs
- BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
- BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
- BUG/MINOR: dns: always validate the source address in responses
- BUG/MINOR: tcpcheck: Properly report error for http health-checks
- BUG/MINOR: resolvers: Free new requester on error when linking a resolution
- BUG/MINOR: resolvers: Fix lookup for a hostname in the state-file tree
- BUG/MINOR: resolvers: Free opts on parse error in resolv_parse_do_resolve()
- REGTESTS: add a regtest to validate various NTLM transitions
- BUG/MEDIUM: mworker/cli: fix user and operator permission via @@<pid> in \ 
master CLI
- BUG/MINOR: mworker/cli: check ci_insert() return value in pcli_parse_request()
- DOC: acme: document missing acme-vars and provider-name keywords
- REGTESTS: http-messaging: always send RFC8441 client settings to use ext connect
- BUG/MINOR: h2: add decoding for :protocol in traces
- BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting
- MINOR: mux-h2: add a new message flag to indicate ext connect support
- BUG/MINOR: h2: only accept :protocol with extended CONNECT
- BUG/MINOR: acme: contact mail should be optional, don't pass ToS bool
- BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used
- BUG/MEDIUM: h1_htx: Remove reverved block on error during contig chunks parsing
- BUG/MINOR: tools: read_line_to_trash() handle empty files without \n
- BUG/MAJOR: http: forbid comma character in authority value
- BUG/MEDIUM: h1: Enforce the authority validation during H1 request parsing

Log message:
haproxy: updated to 3.3.8

3.3.8
- BUG/MINOR: tcpcheck: Allow connection reuse without prior traffic
- BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_ckch.c
- BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_sock.c
- DOC: config: Fix log-format example with last rule expressions
- BUG/MINOR: ssl: fix double-free on failed realloc in ssl_sock.c
- BUG/MINOR: tools: my_memspn/my_memcspn wrong cast causing incorrect byte reading
- BUG/MINOR: tools: fix memory leak in indent_msg() on out of memory
- BUG/MINOR: tools: free previously allocated strings on strdup failure in \ 
backup_env()
- BUG/MINOR: sample: fix memory leak in check_when_cond() when ACL is not found
- BUG/MINOR: sample: fix NULL strm dereference in sample_conv_when
- BUG/MINOR: peers: fix logical "and" when checking for local in \ 
PEER_APP_ST_STARTING
- BUG/MINOR: peers: fix wrong flag reported twice for dump_flags
- CLEANUP: peers: fix a few user-visible spelling mistakes
- BUG/MEDIUM: mux_h1: fix stack buffer overflow in h1_append_chunk_size()
- BUG/MINOR: http_ana: use scf to report term_evts in http_wait_for_request()
- BUILD: 51d: fix bool definition on dummy lib v4
- BUG/MAJOR: http-htx: Store new host in a chunk for scheme-based normalization
- BUG/MEDIUM: http-htx: Don't use data from HTX message to update authority
- BUG/MEDIUM: http-htx: Loop on full host value during scheme based normalization
- BUG/MAJOR: mux-h1: Deal with true 64-bits integer to emit chunks size
- BUG/MEDIUM: tasks: Do not loop in task_schedule() if a task is running
- BUG/MINOR: fix various typos and spelling mistakes in user-visible messages
- BUG/MINOR: payload: validate minimum keyshare_len in smp_fetch_ssl_keyshare_groups
- BUG/MINOR: payload: prevent integer overflow in distcc token parsing
- BUG/MEDIUM: mux-fcgi: Properly handle full buffer for FCGI_PARAM record
- BUG/MINOR: http-htx: Don't normalize emtpy path for OPTIONS requests
- BUG/MEDIUM: acme: fix segfault on newOrder with empty authorizations
- BUG/MINOR: acme: skip auth/challenge steps when newOrder returns a certificate

Log message:
haproxy: updated to 3.3.7

3.3.7

- BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
- BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
- BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
- MEDIUM: sched: do not run a same task multiple times in series
- MINOR: sched: do not requeue a tasklet into the current queue
- MINOR: sched: do not punish self-waking tasklets anymore
- MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY
- MEDIUM: sched: change scheduler budgets to lower TL_BULK
- MINOR: mux-h2: assign a limited frames processing budget
- BUILD: sched: fix leftover of debugging test in single-run changes
- BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
- BUG/MINOR: acme: leak of ext_san upon insertion error
- BUG/MINOR: acme: wrong error when checking for duplicate section
- BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
- Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to \ 
the stream"
- DOC: config: Fix alphabetical ordering of proxy options
- DOC: config: Fix alphabetical ordering of external-check directives
- DOC: config: Add missing 'status-code' param for 'http-check expect' directive
- DOC: config: Reorder params for 'tcp-check expect' directive
- BUG/MINOR: stats-file: manipulate shm-stats-file heartbeat using unsigned int
- BUG/MEDIUM: stats-file: detect and fix inconsistent shared clock when resuming \ 
from shm-stats-file
- BUG/MINOR: proxy: detect strdup error on server auto SNI
- BUG/MINOR: server: set auto SNI for dynamic servers
- BUG/MINOR: server: enable no-check-sni-auto for dynamic servers
- BUG/MINOR: quic: fix counters used on BE side
- BUG/MINOR: quic/h3: display QUIC/H3 backend module on HTML stats
- BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns
- BUG/MINOR: acme: wrong labels logic always memprintf errmsg
- BUG/MINOR: acme: fix incorrect number of arguments allowed in config
- BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
- MINOR: ncbmbuf: improve itbmap_next() code
- BUG/MINOR: quic: missing app ops init during backend 0-RTT sessions
- BUG/MINOR: acme: free() DER buffer on a2base64url error path
- BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
- BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
- BUILD: tools: potential null pointer dereference in dl_collect_libs_cb
- BUG/MINOR: ech: permission checks on the CLI
- BUG/MINOR: acme: permission checks on the CLI
- BUG/MINOR: config: Properly test warnif_misplaced_* return values
- BUG/MINOR: http-ana: Only consider client abort for abortonclose
- BUG/MEDIUM: acme: skip doing challenge if it is already valid
- BUG/MINOR: acme: fix task allocation leaked upon error
- CI: github: fix tag listing by implementing proper API pagination
- BUG/MINOR: quic: close conn on packet reception with incompatible frame
- BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
- MINOR: stconn: flag the stream endpoint descriptor when the app has started
- MINOR: mux-h2: report glitches on early RST_STREAM
- SCRIPTS: git-show-backports: list new commits and how to review them with -L
- BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
- BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
- BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
- BUG/MEDIUM: ssl/cli: tls-keys commands are missing permission checks
- BUG/MEDIUM: ssl/ocsp: ocsp commands are missing permission checks
- BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
- DOC: configuration: mention QUIC server support
- BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
- BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
- BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
- BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
- BUG/MINOR: quic: fix documentation for transport params decoding
- BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
- BUG/MINOR: cfgcond: always set the error string on openssl_version checks
- BUG/MINOR: cfgcond: always set the error string on awslc_api checks
- BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
- DOC: config: fix ambiguous info in log-steps directive description
- BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
- BUG/MINOR: http-act: fix a typo in the "pause" action error message
- BUG/MINOR: counters: fix unexpected 127 char GUID truncation for \ 
shm-stats-file objects
- BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
- BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
- BUG: hlua: fix stack overflow in httpclient headers conversion
- BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
- BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
- BUG/MINOR: peers: fix OOB heap write in dictionary cache update
- BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case \ 
literals
- BUG/MINOR: resolvers: fix memory leak on AAAA additional records
- BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
- BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
- BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
- BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
- BUG/MINOR: hlua: fix use-after-free of HTTP reason string
- BUG/MINOR: ot: fixed wrong NULL check in flt_ot_parse_cfg_group()
- BUG/MINOR: log: Fix error message when using unavailable fetch in logfmt
- BUG/MEDIUM: cli: Properly handle too big payload on a command line
- BUG/MEDIUM: htx: Fix function used to change part of a block value when defrag
- BUG/MEDIUM: htx: Don't count delta twice when block value is replaced
- BUG/MINOR: acme: don't pass NULL into format string
- BUG/MEDIUM: peers: trash of expired entries delayed after fullresync
- BUG/MINOR: threads: properly set the number of tgroups when non using policy
- BUG/MEDIUM: mux-h2: ignore conn->owner when deciding if a connection is dead
- BUG/MINOR: task: fix uninitialised read in run_tasks_from_lists()
- BUG/MINOR: mux_quic: limit avail_streams() to 2^62
- BUG/MINOR: log: consider format expression dependencies to decide when to log
- MINOR: sample: make RQ/RS stats available everywhere
- BUG/MINOR: sample: adjust dependencies for channel output bytes counters
- BUG/MAJOR: sched: protect task->expire on 32-bit platforms
- reg-tests/ssl/ssl_dh.vtc: fix syntax error
- BUG/MINOR: mux-h2: count a protocol error when failing to parse a trailer
- BUG/MINOR: mux-h2: count a proto error when rejecting a stream on parsing error
- BUG/MEDIUM: tasks: Make sure we don't schedule a task already running
- BUG/MINOR: h2: make tune.h2.log-errors actually work
- BUG/MINOR: h2: Don't look at the exclusive bit for PRIORITY frame
- BUG/MINOR: H2: Don't forget to free shared_rx_bufs on failure
- BUG/MINOR: log: also wait for the response when logging response headers
- BUG/MINOR: mux-h1: Fix condition to send null-chunk for bodyless message
- BUG/MINOR: mux-h1: Fix test to skip trailers from chunked messages
- DOC: config: Fix a typo for "external-check" directive
- REGTESTS: Never reuse server connection in jwt/jws_verify.vtc
- REGTESTS: Never reuse server connection in server/cli_delete_dynamic_server.vtc
- REGTESTS: ssl: mark ssl_dh.vtc as broken
- SCRIPTS: build-vtest: allow to set a TMPDIR and a DESTDIR
- CI: VTest build with git clone + cache
- CI: github: only enable OS X on development branches
- BUG/MINOR: compression: properly disable request when setting response
- BUG/MINOR: debug: properly mark the entire libs archive read-only
- BUG/MINOR: server: fix a possible leak of an error message in dynamic servers
- BUG/MAJOR: mux-h2: detect incomplete transfers on HEADERS frames as well
- BUG/MEDIUM: mux-h1: Force close mode for bodyless message announcing a C-L

Log message:
haproxy: updated to 3.3.6

3.3.6
- BUG/MEDIUM: shctx: Use the next block when data exactly filled a block
- BUG/MINOR: mworker: don't set the PROC_O_LEAVING flag on master process
- BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
- BUG/MINOR: jws: fix memory leak in jws_b64_signature
- DOC: configuration: http-check expect example typo
- DOC/CLEANUP: config: update mentions of the old "Global parameters" \ 
section
- BUG/MEDIUM: ssl: Handle receiving early data with BoringSSL/AWS-LC
- BUG/MINOR: mworker: always stop the receiving listener
- BUG/MEDIUM: ssl: Don't report read data as early data with AWS-LC
- BUG/MINOR: memprof: avoid a small memory leak in "show profiling"
- MINOR: activity: use dynamic allocation for "show profiling" entries
- MINOR: tools: extend the pointer hashing code to ease manipulations
- MINOR: memprof: attempt different retry slots for different hashes on collision
- BUG/MINOR: mworker: only match worker processes when looking for unspawned proc
- BUG/MINOR: mworker: fix typo &= instead of & in proc list serialization
- BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup
- BUG/MINOR: mworker: avoid passing NULL version in proc list serialization
- BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
- BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state
- BUG/MEDIUM: spoe: Properly abort processing on client abort
- BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX message
- MINOR: htx: Add function to truncate all blocks after a specific block
- BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
- BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
- BUG/MINOR: proxy: do not forget to validate quic-initial rules
- BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
- BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
- BUG/MINOR: spoe: Fix condition to abort processing on client abort
- BUILD: spoe: Remove unsused variable
- DEV: gdb: add a utility to find the post-mortem address from a core
- MINOR: tools: add a function to create a tar file header
- MINOR: tools: add a function to load a file into a tar archive
- MINOR: config: support explicit "on" and "off" for \ 
"set-dumpable"
- MINOR: debug: read all libs in memory when set-dumpable=libs
- DEV: gdb: add a new utility to extract libs from a core dump: libs-from-core
- MINOR: debug: copy debug symbols from /usr/lib/debug when present
- MINOR: debug: opportunistically load libthread_db.so.1 with set-dumpable=libs
- BUILD: makefile: fix range build without test command
- MINOR: tools: add a new pointer hash function that also takes an argument
- MINOR: tinfo: start to add basic thread_exec_ctx
- MINOR: memprof: prepare to consider exec_ctx in reporting
- MINOR: memprof: also permit to sort output by calling context
- MINOR: tools: add a function to write a thread execution context.
- MINOR: debug: report the execution context on thread dumps
- MINOR: memprof: report the execution context on profiling output
- MINOR: initcall: record the file and line declaration of an INITCALL
- MINOR: tools: decode execution context TH_EX_CTX_INITCALL
- MINOR: tools: support decoding ha_caller type exec context
- MINOR: sample: store location for fetch/conv via initcalls
- MINOR: sample: also report contexts registered directly
- MINOR: tools: support an execution context that is just a function
- MINOR: actions: store the location of keywords registered via initcalls
- MINOR: actions: also report execution contexts registered directly
- MINOR: filters: set the exec context to the current filter config
- MINOR: ssl: set the thread execution context during message callbacks
- MINOR: connection: track mux calls to report their allocation context
- MINOR: task: set execution context on task/tasklet calls
- MINOR: applet: set execution context on applet calls
- MINOR: cli: keep the info of the current keyword being processed in the appctx
- MINOR: cli: keep track of the initcall context since kw registration
- MINOR: cli: implement execution context for manually registered keywords
- MINOR: activity: support aggregating by caller also for memprofile
- MINOR: activity: raise the default number of memprofile buckets to 4k
- DOC: internals: short explanation on how thread_exec_ctx works
- BUG/MINOR: mworker: don't try to access an initializing process
- BUG/MEDIUM: peers: enforce check on incoming table key type
- BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
- BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
- BUG/MAJOR: h3: check body size with content-length on empty FIN
- BUG/MEDIUM: h3: reject unaligned frames except DATA
- MINOR: mworker/cli: extract worker "show proc" row printer
- BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume
- CI: github: treat vX.Y.Z release tags as stable like haproxy-* branches

Log message:
haproxy: updated to 3.3.5

3.3.5
- MINOR: mux-h2: also count glitches on invalid trailers
- MINOR: mux-h2: add a new setting, "tune.h2.log-errors" to tweak \ 
error logging
- BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream
- BUG/MINOR: promex: fix server iteration when last server is deleted
- BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event
- BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
- BUG/MAJOR: qpack: unchecked length passed to huffman decoder
- BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()
- BUG/MINOR: quic: fix OOB read in preferred_address transport parameter
- BUG/MEDIUM: qpack: correctly deal with too large decoded numbers
- BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
- DEBUG: stream: Display the currently running rule in stream dump
- MINOR: filters: Set last_entity when a filter fails on stream_start callback
- DOC: config: Use the right alias for %B
- BUG/MINOR: channel: Increase the stconn bytes_in value in channel_add_input()
- BUG/MINOR: sample: Fix sample to retrieve the number of bytes received and sent
- BUG/MINOR: http-ana: Increment scf bytes_out value if an haproxy error is sent
- BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
- BUG/MAJOR: resolvers: Properly lowered the names found in DNS response
- BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending
- BUG/MINOR: hlua: Properly enable/disable line receives from HTTP applet
- BUG/MEDIUM: hlua: Fix end of request detection when retrieving payload
- BUG/MINOR: stconn: Increase SC bytes_out value in se_done_ff()
- BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures
- BUG/MINOR: backend: Don't get proto to use for webscoket if there is no server
- BUG/MINOR: admin: haproxy-reload rename -vv long option
- SCRIPTS: git-show-backports: hide the common ancestor warning in quiet mode
- SCRIPTS: git-show-backports: add a restart-from-last option