`set_client_ciphersuite` can potentially dereference NULL if the session's
cipher is not set — add a check for this condition.

Closes tarantool/security#27

NO_CHANGELOG=<security fix>
NO_DOC=<security fix>
NO_TEST=<third-party security fix>

(cherry picked from commit a8c6c27c)

The main cord's event loop is initialized by fiber_init(), but for some
reason successful initialization is only checked in main() after other
initialization code might try to use the event loop already.

For example, some of the loop users are coio_enable(), signal_init(),
tarantooL_lua_init(), and they are all run before we actually check that
loop is not NULL.

Closes tarantool/security#28

NO_DOC=code health
NO_TEST=code health
NO_CHANGELOG=code health

(cherry picked from commit 579ac6d3)

This patch replaces malloc() with xmalloc() in key_def_dup() to avoid
the possibility of skipping the malloc() return value check.

Closes tarantool/security#81

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

(cherry picked from commit 8ca94313)

The problem is if cat fails, because a patch file doesn't exist
PATH_COMMAND written like this won't detect it, because the last
command (patch) will complete successfully (apply existing patches
found by cat):

  cat XXX.patch YYY.patch | patch -p1

The proper way is to use PATCH_COMMAND continuation:

  PATCH_COMMAND patch -p1 -i XXX.patch
  COMMAND       patch -p1 -i YYY.patch

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit 9549310d)

- Drop testing for macOS 11 since macOS 13 is now available

- Add missing testing for macOS 12:
  - debug build (x86_64)
  - debug, release, and static-cmake builds (aarch64)

- Add testing for macOS 13:
  - debug, release, release-lto, and static-cmake builds (x86_64)
  - debug, release, release-lto, and static-cmake builds (aarch64)

Closes #6739
Closes tarantool/tarantool-qa#301

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

(cherry picked from commit a13504d8)

tls_construct_ctos_session_ticket() has a potential
NULL pointer dereference.

Closes tarantool/security#54

NO_DOC=security
NO_TEST=security
NO_CHANGELOG=security

(cherry picked from commit 639ec224)

Now, delete in ephemeral space is obviously incorrect - if we try to
delete a tuple, which is not present in index, NULL dereference will
happen. Fortunately, ephemeral spaces are used for internal purposes
only, so, most likely, this never happens. Let's fix this part not to
confuse code analyzers.

Closes https://github.com/tarantool/security/issues/38

NO_TEST=shouldn't normally happen
NO_CHANGELOG=shouldn't normally happen
NO_DOC=shouldn't normally happen

(cherry picked from commit a2d5e54e)

Added bounds check after conversion of a string key to int to avoid
potential out-of-bounds access.

Closes tarantool/security#45

NO_TEST=trivial
NO_CHANGELOG=internal
NO_DOC=internal

(cherry picked from commit 66f2679d)

Sometimes, we only need to test static-build, e.g. when we apply a patch
to a third party sub-project. Let's introduce a new label to run the ci
checks faster in this case.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

(cherry picked from commit 09a77cd7)

We're going to add a whole bunch of them. Putting them all in
a sub-directory will help keeping the file tree organized.

Note, we have to update .gitignore so that the patches/ sub-directory
is ignored only at the top level (it's used by quilt).

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit b8ec809e)

This is useful for example for the analysis of performance complaints
from users, when they claim that one version of Tarantool is slower
than another, in fact comparing debug and release builds.

NO_DOC=minor change
NO_TEST=minor change

(cherry picked from commit 45576088)

When log format is JSON and a Lua table is written to the log, such
messages are saved by the flight recorder as a "json" string. Fix it.

Part of tarantool/tarantool-ee#325

NO_DOC=bugfix
NO_TEST=will be added to EE, because there are no flightrec in CE
NO_CHANGELOG=will be added to EE, because there are no flightrec in CE

Bitset index size calculation uses the cardinality of the 'flag' bitset,
but when the bitset index is empty, i.e., uninitialized, the
'flag' bitset is not allocated, hence we should simply return 0.

Closes #5809

NO_DOC=bugfix

(cherry picked from commit d542a01a)

After adding the autorequiring luatest [1,2], there is no need to use
the following approach now:

```
local t = require('luatest')
local g = t.group()

server:exec(function()
    local t = require('luatest') -- duplicate
    t.assert(...)
end)
```

Modern approach looks like:

```
local t = require('luatest')
local g = t.group()

-- `t` already available in the remote server
server:exec(function() t.assert(...) end)

-- also it works with any variable
local my_custom_t = require('luatest')

server:exec(function()
    my_custom_t.assert(...) -- already available
end)
```

[1] tarantool/luatest#277
[2] tarantool/luatest#289

Part of tarantool/luatest#233

NO_DOC=test fix
NO_TEST=test fix
NO_CHANGELOG=test fix

(cherry picked from commit 98dd8e69)

We didn't take into consideration the fact, that precision
value passed to control the width of nanoseconds part in
datetime_object:format could be more than maximum positive
value, integer may have. Currently it leads to segfault.

```
tarantool> require('datetime').new{}:format('%2147483648f')
```

We should check errno in order to find out, if overflow
occurs. The problem is the fact, that `width` variable must
have int type due to snprintf requirements ("%*d") and
strtol returns long. Errno won't be set if returned value
is in bounds [INT_MAX, LONG_MAX], but it will overflow
int resulting in inconsistent behavior.

So, let's save the result of strotl to the temp value.
If this value doesn't belong to the above-mentioned set,
or errno was set, we assign to `width` maximum value, it
may have: 9.

Closes tarantool/security#31

NO_DOC=bugfix

(cherry picked from commit b6159217)

This patch fixes some possible bugs that may occur due to malloc
failure.

Closes tarantool/security#65
Closes tarantool/security#66
Closes tarantool/security#68

NO_DOC=bugfix
NO_TEST=hard to reproduce due to malloc() failure being an unusual case

To improve the stability of the tests, let's use unix sockets for iproto
connection instead of ports.

NO_DOC=testing stuff
NO_TEST=testing stuff
NO_CHANGELOG=testing stuff

(cherry picked from commit 65f66a6a)

Bump test-run to new version with the following improvements:

- Bump luatest to 0.5.7-25-g9e117e6 [1]

[1] tarantool/test-run@7c77fcb

NO_DOC=testing stuff
NO_TEST=testing stuff
NO_CHANGELOG=testing stuff

(cherry picked from commit 4334862f)

Bump test-run to new version with the following improvements:

- Bump luatest to 0.5.7-24-g8de38b3 [1] [2]
- Add ignore_zero option to get_vclock [3]

[1] https://github.com/tarantool/test-run/pull/370
[2] https://github.com/tarantool/test-run/pull/368
[3] https://github.com/tarantool/test-run/pull/367

NO_DOC=testing stuff
NO_TEST=testing stuff
NO_CHANGELOG=testing stuff

(cherry picked from commit 764299c1)

As a result of the commit 98fcd437 ("ci:
add CMAKE_EXTRA_PARAMS to LuaJIT workflow") both <inputs.buildtype> and
<inputs.GC64> parameters have become obsolete. All jobs with LuaJIT
integration testing has started to use these in scope of the commit
tarantool/luajit@5b53850da30e532ced976e95af1f301667a6a272 ("ci: use
CMAKE_EXTRA_PARAMS in LuaJIT integration"). Hence, the value of
<inputs.CMAKE_EXTRA_PARAMS> has to be used to specify the build flavor,
so <inputs.buildtype> and <inputs.GC64> can be dropped later.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>
(cherry picked from commit 7c5cc681)

As a result of the commit 1eb0a696 ("ci:
change runner dispatch for LuaJIT testing") <inputs.host> parameter has
become obsolete. The testing workflow has been updated in scope of the
commit tarantool/luajit@fcaecf8fb42ff8a35582fbd8d034eb6f3b9b5b68 ("ci:
use strategy matrix for integration workflow"). Hence, the only changes
required to finish the transition from <inputs.host> to <inputs.arch> +
<inputs.os> are the following:
* Drop <inputs.host> parameter from the LuaJIT integration workflow
* Make both <inputs.arch> and <inputs.os> parameters obligatory

Besides, there is no need to obtain the kernel name and the machine
hardware name in scope of the separate workflow step, since all info
need to be passed to .test.mk is already passed via workflow inputs.
Anyway, .test.mk need to be adjusted to the values used for the new
workflow parameters.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>
(cherry picked from commit fdf45222)

Before the patch the LuaJIT integration workflow was dispatched to the
runner with the name given via <inputs.host> parameter. Unfortunately,
as a result of runners renaming we can't continue to dispatch the
workflow this way.

As a result of the patch there are two new workflow parameters:
<inputs.arch> to pass the host architecture name (i.e. x86_64 or ARM64)
and <inputs.os> to pass the OS family name (either Linux or macOS).
Considering two values we can choose the proper runner in LuaJIT
integration workflow. Besides, this change bring LuaJIT CI closer to
matrix usage for its integration workflow.

All three workflow parameters are not obligatory for now to avoid
tarantool/luajit CI break on both long-term and working branches. When
all branches are rebased on the new approach, <inputs.host> parameter
will be removed and both <inputs.arch> and <inputs.os> will become
obligatory.

Moreover, the new 'regular' label is also added to <runs-on> list, since
the new "lightweight" runners have been introduced to ghacts-shared-*
pool. There are a couple of LuaJIT tests that requires more memory than
provided by "lightweight" runners, so only "regular" ones need to be
chosen for LuaJIT integration testing.

Last but not least: attentive reader might notice there are strange
values used as a default for <inputs.host> as well as <inputs.arch> and
<inputs.os>. This is ugly hack required for the transition period, since
one can't use empty string or unknown label name within <runs-on> label
list. Hence 'self-hosted' looks like the most robust option for both old
and new behaviours.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>
(cherry picked from commit 1eb0a696)

Fun fact: our self-hosted macOS runner has the same name as the one
provided by GitHub. Hence sometimes when no self-hosted runners are
available, the public GitHub one is chosen.

This patch enforces LuaJIT integration workflow to use only self-hosted
runner by explicitly specifying this in runs-on section.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>
(cherry picked from commit a8b95d09)

It's quite inconvenient to extend LuaJIT integration workflow now: one
needs to patch GitHub workflow file in Tarantool repository and then
setup integration testing in LuaJIT repository.

This patch introduces a new workflow parameter that can replace several
existing parameters (e.g. buildtype and GC64) and allow to easy extend
integration CI in LuaJIT (with rare little touches in Tarantool).

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Sergey Kaplun <skaplun@tarantool.org>
Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>
(cherry picked from commit 98fcd437)

Fixing a bug with nodes in 'manual' election mode bumping the term
excessively revealed a hang in election_pre_vote test. Turns out the
test passed thanks to the previous buggy behaviour.

The following behaviour is expected: when a node is configured in manual
election mode, calling box.ctl.promote() on it should make it bump term
once, try to gather votes and fail on timeout.

Once the extra term bump on timeout was removed in commit 5765fdc4
("raft: fix 'manual' nodes bumping the term excessively"),
box.ctl.promote() without a quorum started hanging.

Let's return the correct behaviour: 'manual' nodes should transition
back to follower if an election timeout passes after the promotion
without any term outcome.

Enable the test_promote_no_quorum testcase of election_pre_vote test
back, since it's fixed now.

Follow-up #8168
Closes #8217

NO_DOC=bugfix
NO_CHANGELOG=changes not released behaviour

(cherry picked from commit 352fe0c7)

The memtx transaction manager MVCC invariant violation described in
c8eccfbb could actually lead to a bug described in #7394, since
`space:count` inherently relies on this invariant: add a test for this
case.

Closes #7394

NO_CHANGELOG=<bug was fixed in c8eccfbb>
NO_DOC=bugfix

(cherry picked from commit db6245f8)

A tuple update with the first operation creating a new field
somewhere deep in the tuple and the second operation trying to go
into that new field could crash. This happened because the route
branching function xrow_update_route_branch() missed this case.

It can be detected when see that the bar path is already fully
used (the next JSON token is END), and the new operation's path
is still not END.

Closes #8216

NO_DOC=bugfix

(cherry picked from commit d4e92809)

A tuple update with the first operation creating a new field
inside an array and the second operation trying to go into that
field could crash. This happened because the branching function
xrow_update_op_do_field_##op_type() didn't take into account newly
set scalar fields and an `unreachable()` was hit.

Part of #8216

NO_DOC=bugfix
NO_CHANGELOG=next commit

(cherry picked from commit eb26e732)

They are going to be needed above their declaration prior to this
patch. Also had to add a couple of obvious comments to calm
checkpatch down.

Needed for #8216

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

(cherry picked from commit 3260b930)

Generate a test build key when the ALPINE_BUILD_KEY secret is empty.
It is needed for fork PRs where secrets are unavailable.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

(cherry picked from commit a7b9ed4f)

Since applied transactions are committed asynchronously, they are
inherently 'read committed', hence their isolation level should be adjusted
accordingly.

Closes #8121

NO_DOC=bugfix

(cherry picked from commit 7c12d490)

When we rollback a prepared statement that deletes an MVCC story, we need
to reset the deleted story's PSN.

Closes #7930

NO_DOC=bugfix

(cherry picked from commit de938a6f)

During transaction rollback, we unconditionally assign a PSN to it: we
should do this only when necessary, i.e., a transaction is RW and is not
already prepared.

Needed for #7930

NO_CHANGELOG=refactoring
NO_DOC=refactoring
NO_TEST=refactoring

(cherry picked from commit 494fe087)

Currently, if transaction preparation fails, the transaction is left in an
inconsistent state: it has a PSN assigned to it, but its status is not
'prepared' — fix this by resetting its PSN.

Needed for #7930

NO_CHANGELOG=refactoring
NO_DOC=refactoring
NO_TEST=refactoring

(cherry picked from commit c329e703)

During preparation of insert statements in MVCC, we define an old story and
abort all transactions that delete this story.

If there exists an older
story in the history chain, but the story is deleted by a prepared (not
necessarily committed) transaction, we consider that it de-facto does not
exist anymore — this logic is consistent, since during preparation of the
transaction deleting this story, the conflict resolution described above
was already done.

In this manner, there can be no more than one prepared statement deleting
a story at any point in time.

Closes #8104

NO_DOC=bugfix

(cherry picked from commit d7cf6f60)

Changed the work with hooks in the part of tests.

Legacy approach:

```
g.before_all = function() ... end
g.after_all = function() ... end
```

The logic of executing hooks will be expected and
more controlled if use following approach:

```
g.before_all(function() ... end)
g.after_all(function() ... end)
```

Resolve #8066

NO_DOC=test fix
NO_TEST=test fix
NO_CHANGELOG=test fix

(cherry picked from commit ed136255)

Add building Alpine 3.16 packages for amd64 and aarch64.

Part of tarantool/tarantool-qa#266

NO_DOC=ci
NO_TEST=ci

(cherry picked from commit 9a11ed4a)

* Update build-time and run-time dependencies.

* Support build with gc64 enabled.

* Disable sysprof due to the following error while building:

NO_WRAP
  ```
  <...>/third_party/luajit/src/lj_sysprof.c:29:10: fatal error: execinfo.h: No such file or directory
    29 | #include <execinfo.h>
       |
  ```
NO_WRAP

* Update .pack.mk to set package version in the case of a git tag to the
  following format:

    2.11.0[_<release type>]

  Where `<release type>` is `alpha1`, `beta1`, `rc1`, etc.
  Note, we have an extra logic when the git tag is `x.x.x-entrypoint`.
  Alpine build system doesn't support package name with such kind of
  version and that's why we use `alpha0` instead of `entrypoint`.
  See for details [1].

* Update .pack.mk to set package version in the other cases to the
  following format:

    2.11.0_<release type>_p<N>

  Where `<release type>` is `alpha1`, `beta1`, `rc1`, etc and `<N>` is
  the patch number after the latest release. Unfortunately, we cannot
  use the similar version pattern that we use for dev DEB/RPM packages
  (`2.11.0_<release type>.<N>.dev`) because Alpine build system doesn't
  support it. Plus, we have the same logic for `entrypoint` here.
  See for details [1].

[1] https://wiki.alpinelinux.org/wiki/APKBUILD_Reference#pkgver

Part of tarantool/tarantool-qa#266

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

(cherry picked from commit 407a4d7f)

test_promote_no_quorum testcase in election_pre_vote test started flaky
hanging after commit 5765fdc4 ("raft: fix 'manual' nodes bumping the
term excessively").

Disable it until the issue (#8217) is resolved.

In-scope-of #8217

NO_DOC=tests
NO_CHANGELOG=tests

(cherry picked from commit 3273a51d)

Promotion of a leader in the test requires previous leader state
arrived to all replicas. Inconsistency may lead to promotion failure,
which is correct from the raft point of view, but not expected by the
test.

Closes #7785

NO_DOC=test
NO_CHANGELOG=test

(cherry picked from commit 895cb2d2)