Release Varnish 6.2.1

Apply some adjustments to recent patches based off of review by Nils
Goroll at UPLEX (@nigoroll)

When clearing the [CR]LF in a line continuation, we would continue
replacing any [CR|LF|HT|SP] characters up until the end of the buffer,
possibly overwriting later [CR]LFs. Fix this by only unconditionally
overwrite one [CR]LF, and then only replace [HT|SP] with SP to keep with
previous behaviour.

Update r00494.vtc to include multiple line continuations to make sure they
are parsed.

The end of http1_dissect_hdrs ends with skipping over the final [CR]LF
that marks then end of the headers. Currently that skip is optional, that
is, it is skipped if it was present.

This patch adds an assert if the final [CR]LF is not found when finishing
the parsing. HTTP1_Complete guarantees that it is there, if not we would
not have started parsing the request or response in the first place, and
if it is missing, there must be an error in the parsing leading up to it.

In http1_splitline, if the third field is missing, we would still set the
txt.b value to where the field would have been, with a NULL txt.e
entry. This would cause http_Proto to attempt to parse the values
there. Fix this by only setting the .b and .e if the third field was
present.

When parsing a request like this, "GET /\n\n", the first NL would be
overwritten by nul guard inserted after the 2nd field, and the second NL
would be overwritten by the nul guard after the missing 3rd field. This
would cause http1_dissect_hdrs to attempt to decode the body as headers.

The proto field is optional in HTTP, so it may not be set. Set the proto
to 0 also for a NULL value instead of segfaulting if it were NULL.

The macros vct_iscrlf() and vct_skipcrlf() may look at one or two bytes
after its pointer value, causing OOB reads. This would allow
http1_dissect_hdrs to wrongly see a CRLF when one wasn't there (the last
LF left over in the bufer from the previous request).

Change the macros to inline functions, and harden them by always sending
the end pointer so that they can't overflow.

vct_iscrlf() will return an int value of 0 for no [CR]LF, 1 for LF and 2
for CRLF.

vct_skipcrlf() will return the pointer having been skipped 0, 1 or 2
bytes.

This is the first commit in the 6.2 branch, and marks the release
of Varnish Cache 6.2.0.

Happy new year!

This reverts commit de3e581e.

tests/saintmode/test04.vtc from varnish-modules revealed that there may
be use cases where it is implied that vcl_backend_error will leave a
ttl=0 object and the sale object will remain in place.

This can be resolved by:

	- return(abandon) for these cases or
	- making the HSH_Kill conditional on bo->fetch_objcore->ttl > 0

but I already has concerns regarding the impact of this change and have
them even more now.

We need time to ponder about the consequences and a documented
inefficiency is better than unexpected behaviour in a release.

Our stack space canary in v00004.vtc fell off the twig on fedora rawhide
i686

Thank you to @ingvarha for testing, reporting and all your support
overall!

Fixes #2946 in the sense that we want to treat backend synth like any
other object and kill the stale object it replaces.

The two HSH_Kill calls could also be subsumed in vbf_fetch_thread(),
but after an irc discussion, phk decided that he wanted to aim for even
more consolidation later.

The test checks that we remove the stale_oc, but not when abandoning the
bereq.

I'm keeping that information in both the changes and upgrading documents
to increase the chances that people will notice it.

The imprecise "changes" statement predated the decision to drop Python 2
entirely and was spotted by Geoff.

Reported by coverity.

Unless we think of something else to add, this version of the docs
is suitable for the 6.2 release.

Fixes #2943

Patch by @phk, test by yours truly.