When running really massive runs, "-j180 -n10000" kind of things,
the "rm -rf" of the tmpdir becomes the limiting factor.

The new -C option sends that int nice(1)'ed child process.

seen in vtest:

**** v1   vsl|       1004 Begin           b bereq 1003 fetch
**** v1   vsl|       1004 VCL_use         b vcl1
**** v1   vsl|       1004 Timestamp       b Start: 1602334643.946723 0.000000 0.000000
**** v1   vsl|       1004 BereqMethod     b PUT
**** v1   vsl|       1004 BereqURL        b /2
**** v1   vsl|       1004 BereqProtocol   b HTTP/1.1
**** v1   vsl|       1004 BereqHeader     b Host: 127.0.0.1
**** v1   vsl|       1004 BereqHeader     b Content-Length: 250000
**** v1   vsl|       1004 BereqHeader     b X-Forwarded-For: 127.0.0.1
**** v1   vsl|       1004 BereqMethod     b GET
**** v1   vsl|       1004 BereqHeader     b Accept-Encoding: gzip
**** v1   vsl|       1004 BereqHeader     b X-Varnish: 1004
**** v1   vsl|       1004 VCL_call        b BACKEND_FETCH
**** v1   vsl|       1004 VCL_return      b fetch
**** v1   vsl|       1004 BackendOpen     b 26 s1 127.0.0.1 36579 127.0.0.1 60878 connect
**** v1   vsl|       1004 Timestamp       b Bereq: 1602334643.956883 0.010159 0.010159
**** v1   vsl|       1004 FetchError      b HTC eof (-1)

Ref #3433

Trying to fix the build for clang 15 actually broke the build for GCC.

The -Werror that was initially set after saving CFLAGS was meant to be
part of NO_VIZ test. We turn warnings into errors later in the configure
script so at this point we shouldn't care about it. If we really do, we
can move this check below the line where -Werror is set.

GCC chokes on -Wno-error=deprecated-non-prototype so instead we add it
conditionally.

To match the naming convention everywhere else, libvgz_extra_cflags was
renamed to VGZ_CFLAGS.

Refs 118fd10c

Conflicts:
	configure.ac
	lib/libvgz/Makefile.am

There are two warnings that we enforce for our own code that zlib does
not. There's also the visibility attribute that we check at configure
time. And regarding the visibility attribute, zlib no longer relies on
a NO_VIZ macro and aligned with the autoconf naming convention and wants
HAVE_HIDDEN instead.

Conflicts:
	configure.ac
	lib/libvgz/Makefile.am

Varnish is not subject to CVE 2022 37434, we never use "extra" data.

FreeBSD's code is undergoing some compatibility adaptations
so we go directly to the source from here.

PS: Please keep cochinelle out of libvgz.

Fixes #3491

Check for correct handling of missing pseudo-headers, and invalid
characters.
Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>

The :scheme pseudo header is not optional in H/2 except when doing CONNECT.
There is also a strict requirement for it appear only once.
Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>

We should apply the same restrictions on the list of allowed characters inside
H/2 pseudo-headers as we do for H/1. This error is translated into the
headers we send to a backend over H/1.

Failure to do so could permit various exploits against a backend not handling
malformed H/1 requests.
Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>

I find ":path: /foo" more descriptive than "/foo", even though I could
infer which one it was...

Now that http_DoConnection() is used without respecting the SC_RX_BAD
return value it should not return early when encountering a well-known
header.

Some browsers are strict about this and simply drop responses containing
such headers. Since this is not filtering a context switch between a
client and a backend transaction (or cache hit) a new filtering flag is
added to the HTTP headers table for connection-specific headers. This
new flag cannot be compounded as HTTPH_R_FETCH|HTTPH_A_INS because the
TE header is an exception and left alone, even though trailers aren't
supported.

Better diff with the --ignore-all-space option.

We could go further and consider any client request containing one as
malformed as mandated by RFC 7540.

Closes #3416

no semantic changes, just consolidating three places in one

(thus pushed during freeze)

Allow the user to log the request time in milliseconds through the new
format specifier: %{ms}T .
Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>