This list contains several header files, which has no
`/** cond public */` and `/** \endcond public */` instructions.

While I'm on it, drop `/** \endcond public */` from box.cc.

NO_DOC=pure code health patch, no visible changes
NO_TEST=pure code health patch, no visible changes
NO_CHANGELOG=pure code health patch, no visible changes

The GENERATED and HEADER_FILE_ONLY source file properties should be
followed by a boolean value. CMake 3.20+ warns if it is not so, see [1].

It seems, the module.h properties do not actually change anything
visible in our case.

[1]: https://cmake.org/cmake/help/latest/policy/CMP0118.html

NO_DOC=pure code health patch, no visible changes
NO_TEST=pure code health patch, no visible changes
NO_CHANGELOG=pure code health patch, no visible changes

The main decision made in this patch is how large the public
`box_decimal_t` type should be. Let's look on some calculations.

We're interested in the following values.

* How much decimal digits is stored?
* Size of an internal decimal type (`sizeof(decimal_t)`).
* Size of a buffer to store a string representation of any valid
  `decimat_t` value.
* Largest signed integer type fully represented in decimal_t (number of
  bits).
* Largest unsigned integer type fully represented in decimal_t (number
  of bits).

Now `decimal_t` is defined to store 38 decimal digits. It means the
following values:

| digits | sizeof | string | int???_t | uint???_t |
| ------ | ------ | ------ | -------- | --------- |
| 38     | 36     | 52     | 126      | 127       |

In fact, decNumber (the library we currently use under the hood) allows
to vary the 'decimal digits per unit' parameter, which is 3 by default,
so we can choose density of the representation. For example, for given
38 digits the sizeof is 36 by default, but it may vary from 28 to 47
bytes:

| digits | sizeof     | string | int???_t | uint???_t |
| ------ | ---------- | ------ | -------- | --------- |
| 38     | 36 (28-47) | 52     | 126      | 127       |

If we'll want to store `int128_t` and `uint128_t` ranges, we'll need 39
digits:

| digits | sizeof     | string | int???_t | uint???_t |
| ------ | ---------- | ------ | -------- | --------- |
| 39     | 36 (29-48) | 53     | 130      | 129       |

If we'll want to store `int256_t` and `uint256_t` ranges:

| digits | sizeof     | string | int???_t | uint???_t |
| ------ | ---------- | ------ | -------- | --------- |
| 78     | 62 (48-87) | 92     | 260      | 259       |

If we'll want to store `int512_t` and `uint512_t` ranges:

| digits | sizeof       | string | int???_t | uint???_t |
| ------ | ------------ | ------ | -------- | --------- |
| 155    | 114 (84-164) | 169    | 515      | 514       |

The decision here is what we consdider as possible and what as unlikely.
The patch freeze the maximum amount of bytes in `decimal_t` as 64. So
we'll able to store 256 bit integers and will NOT able to store 512 bit
integers in a future (without the ABI breakage at least).

The script, which helps to calculate those tables, is at end of the
commit message.

Next, how else `box_decimal_*()` library is different from the internal
`decimal_*()`?

* Added a structure that may hold any decimal value from any current or
  future tarantool version.
* Added `box_decimal_copy()`.
* Left `strtodec()` out of scope -- we can add it later.
* Left `decimal_str()` out of scope -- it looks dangerous without at
  least a good explanation when data in the static buffer are
  invalidated. There is `box_decimal_to_string()` that writes to an
  explicitly provided buffer.
* Added `box_decimal_mp_*()` for encoding to/decoding from msgpack.
  Unlike `mp_decimal.h` functions, here we always have `box_decimal_t`
  as the first parameter.
* Left `decimal_pack()` out of scope, because a user unlikely wants to
  serialize a decimal value piece-by-piece.
* Exposed `decimal_unpack()` as `box_decimal_mp_decode_data()` to keep a
  consistent terminogoly around msgpack encoding/decoding.
* More detailed API description, grouping by functionality.

The script, which helps to calculate sizes around `decimal_t`:

```lua
-- See notes in decNumber.h.

-- DECOPUN: DECimal Digits Per UNit
local function unit_size(DECOPUN)
    assert(DECOPUN > 0 and DECOPUN < 10)
    if DECOPUN <= 2 then
        return 1
    elseif DECOPUN <= 4 then
        return 2
    end
    return 4
end

function sizeof_decimal_t(digits, DECOPUN)
    -- int32_t digits;
    -- int32_t exponent;
    -- uint8_t bits;
    -- <..padding..>
    -- <..units..>
    local us = unit_size(DECOPUN)
    local padding = us - 1
    local unit_count = math.ceil(digits / DECOPUN)
    return 4 + 4 + 1 + padding + us * unit_count
end

function string_buffer(digits)
    -- -9.{9...}E+999999999# (# is '\0')
    -- ^ ^      ^^^^^^^^^^^^
    return digits + 14
end

function binary_signed(digits)
    local x = 1
    while math.log10(2 ^ (x - 1)) < digits do
        x = x + 1
    end
    return x - 1
end

function binary_unsigned(digits)
    local x = 1
    while math.log10(2 ^ x) < digits do
        x = x + 1
    end
    return x - 1
end

function digits_for_binary_signed(x)
    return math.ceil(math.log10(2 ^ (x - 1)))
end

function digits_for_binary_unsigned(x)
    return math.ceil(math.log10(2 ^ x))
end

function summary(digits)
    print('digits', digits)
    local sizeof_min = math.huge
    local sizeof_max = 0
    local DECOPUN_sizeof_min
    local DECOPUN_sizeof_max
    for DECOPUN = 1, 9 do
        local sizeof = sizeof_decimal_t(digits, DECOPUN)
        print('sizeof', sizeof, 'DECOPUN', DECOPUN)
        if sizeof < sizeof_min then
            sizeof_min = sizeof
            DECOPUN_sizeof_min = DECOPUN
        end
        if sizeof > sizeof_max then
            sizeof_max = sizeof
            DECOPUN_sizeof_max = DECOPUN
        end
    end
    print('sizeof min', sizeof_min, 'DECOPUN', DECOPUN_sizeof_min)
    print('sizeof max', sizeof_max, 'DECOPUN', DECOPUN_sizeof_max)
    print('string', string_buffer(digits))
    print('int???_t', binary_signed(digits))
    print('uint???_t', binary_unsigned(digits))
end
```

Part of #7228

@TarantoolBot document
Title: Module API for decimals

See the declarations in `src/box/decimal.h` in tarantool sources.

This is preparatory commit for exposing decimals into the module API.
We'll mark the argument in the public function as const, so it would be
more accurate to have it marked as const in the internal API as well.

Part of #7228

NO_DOC=this is internal API, no user-visible changes
NO_TEST=no behavior changes
NO_CHANGELOG=no user-visible changes

It is preparatory commit to add box/decimal.h header, which will hold
module API for decimals.

Part of #7228

NO_DOC=no user-visible changes
NO_TEST=no behavior changes
NO_CHANGELOG=no user-visible changes

This patch fixes the following issue: the submodule_update.yml workflow
always updated the tarantool submodule in the tarantool-ee repo to the
last commit from the `master` branch, even if it was tarantool-ee 2.10.
Now it is fixed.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

* Call error function on rethrow after trace exit.
* Fix handling of errors during snapshot restore.

Part of #7230

NO_DOC=LuaJIT submodule bump
NO_TEST=LuaJIT submodule bump

Commit ed16c1e5 ("build: fix bundled
libcurl and c-ares build on OS X") fixed building libcurl with ares by
adding a dependency on libresolv for Mac OS X. It was forgotten to add
libresolv to check-dependencies exceptions for static build. Do this now.

NO_DOC=CI stuff
NO_TEST=CI stuff
NO_CHANGELOG=CI stuff

Integrate Matthew Haggerty's patches silencing a bunch of gcc build
warnings.

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

Previous version was an intermediate one - 1.15.0-35

The update brings a bunch of CVE fixes:
 * CVE-2020-14354 fixed in c-ares 1.16.1
 * CVE-2020-8277 fixed in c-ares 1.17.0
 * CVE-2021-3672 fixed in c-ares 1.17.2

And a bunch of other security fixes

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

The option was forgotten back when bundled c-ares was just introduced.
Let's fix this now for the sake of consistency with other options.

NO_DOC=build fix
NO_TEST=build fix
NO_CHANGELOG=build fix

c-ares relies on libresolv on OS X, and when built statically, brings
the same dependency on to libcurl.

Link libcurl with libresolv explicitly when linking with c-ares

NO_DOC=build fix
NO_TEST=build fix
NO_CHANGELOG=build fix

NO_DOC=build
NO_TEST=build

The static build for Linux leans on glibc provided iconv functions. On
Mac OS it links GNU libiconv statically. This patch updates the libiconv
version from 1.16 (released in 2019) to 1.17 (released in 2022).

It is just regular maintenance update. No behaviour changes are
expected. The libiconv 1.17 changelog (see the NEWS file in the archive)
does not mention anything that may have influence on behavior of
tarantool's iconv built-in module.

NO_DOC=no user-visible changes
NO_TEST=no user-visible changes
NO_CHANGELOG=no user-visible changes

Updated third_party/zstd submodule from v1.5.0 to 1.5.2 version.
The new version fixes a few bugs found by fuzzing testing.

Note, the new zstd version contains a .S source file so we need to
include ASM to the CMake project languages.

NO_DOC=build
NO_TEST=build

When I bumped ZSTD (see the next commit), Fedora 34, 35, 36 workflows
started to fail with the following error:

NO_WRAP
In function ‘txn_commit_ro_stmt’,
    inlined from ‘box_select’ at /build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/box.cc:2569:20:
/build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/txn.h:812:32: error: ‘svp.region’ may be used uninitialized [-Werror=maybe-uninitialized]
  812 |                 region_truncate(svp->region, svp->region_used);
      |                                ^
/build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/box.cc: In function ‘box_select’:
/build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/box.cc:2523:33: note: ‘svp.region’ was declared here
 2523 |         struct txn_ro_savepoint svp;
      |                                 ^
In function ‘txn_commit_ro_stmt’,
    inlined from ‘box_select’ at /build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/box.cc:2569:20:
/build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/txn.h:812:32: error: ‘svp.region_used’ may be used uninitialized [-Werror=maybe-uninitialized]
  812 |                 region_truncate(svp->region, svp->region_used);
      |                                ^
/build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/box.cc: In function ‘box_select’:
/build/usr/src/debug/tarantool-2.11.0~entrypoint.306.dev/src/box/box.cc:2523:33: note: ‘svp.region_used’ was declared here
 2523 |         struct txn_ro_savepoint svp;
      |                                 ^
NO_WRAP

This is clearly a false-positive error, because we initialize and use
txn_ro_savepoint iff txn == NULL. Interestingly, we use txn_ro_savepoint
in exactly the same way in box_index_get, but get no error there. Looks
like a compiler bug. I failed to reproduce the issue locally in a Docker
container.

Let's suppress this false-positive error by always initializing
txn_ro_savepoint in txn_begin_ro_stmt - it's cheap.

NO_DOC=compilation fix
NO_TEST=compilation fix
NO_CHANGELOG=compilation fix

GitHub shuts down the macos-10.15 virtual environments [1] and
the bug [2] is fixed. So it's time to move the OSX static build
testing to a newer environment.

[1] https://github.com/actions/virtual-environments/issues/5583
[2] https://github.com/tarantool/tarantool/issues/7459

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Without `-isysroot <SDK_PATH>` the build fails:

```
/Library/Developer/CommandLineTools/usr/bin/make[4]: Making `all' in   \
    `makeconv'
/Library/Developer/CommandLineTools/usr/bin/c++ -O2 -W -Wall -pedantic \
    -Wpointer-arith -Wwrite-strings -Wno-long-long -std=c++11          \
    -Wno-ambiguous-reversed-operator     -o ../../bin/makeconv         \
    gencnvex.o genmbcs.o makeconv.o ucnvstat.o -L../../lib -licutu     \
    -L../../lib -licui18n -L../../lib -licuuc -L../../stubdata         \
    -licudata -lpthread -lm
ld: library not found for -lpthread
clang: error: linker command failed with exit code 1 (use -v to see    \
    invocation)
```

ICU is written on C++, so we should pass `CXXFLAGS`, not only `CFLAGS`.

Note: `CPPFLAGS` stands for C preprocessor flags, not C++ flags.

Fixes #7459

NO_DOC=it fixes a build failure for one of build types, nothing to
       document
NO_TEST=it will be tested in a next commit by enabling corresponding
        GitHub Action workflow

Patch updates libyaml to the version that contains fixes of stack
overflows [1]. PR in upstream with original patch: "Avoid recursion in
the document loader" [2].

1. https://github.com/yaml/libyaml/issues/107
2. https://github.com/yaml/libyaml/pull/127

NO_DOC=internal
NO_TEST=internal

This is just regular update to bring bugfixes and improvements in the
library into tarantool.

https://github.com/nghttp2/nghttp2/releases/tag/v1.48.0

NO_DOC=there is no known behavior changes, consider the change as not
       visible for a user
NO_TEST=there is no specific problem we want to solve and verify here
NO_CHANGELOG=see NO_DOC

- Run the workflow in tarantool/tarantool repo only
- Fix the condition to compose PR title prefix
- Add a small description for created PRs

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Just regular update to bring readline security fixes into tarantool.

Added a patch to fix file descriptor leak with zero-length history file.

Source of patch: https://ftp.gnu.org/gnu/readline/readline-8.0-patches/
Announcement: https://lists.gnu.org/archive/html/bug-readline/2019-08/msg00004.html

NO_TEST=security update of a dependency
NO_DOC=security update of a dependency

Just regular update to bring ncurses security fixes into tarantool.

New version brings a number of functional and security fixes:
- ncurses 6.3 before patch 20220416 has an out-of-bounds read and
segmentation violation in convert_strings in tinfo/read_entry.c in the
terminfo library (CVE-2022-29458).
- ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based
buffer overflow (CVE-2021-39537).

CVE-2022-29458 Detail: https://nvd.nist.gov/vuln/detail/CVE-2022-29458
CVE-2021-39537 Detail: https://nvd.nist.gov/vuln/detail/CVE-2021-39537
Release announcement: https://lists.gnu.org/archive/html/bug-ncurses/2022-07/msg00008.html

NOTE: Build system uses a link to tarball on a local storage instead of
official mirror [1].

1. https://invisible-mirror.net/archives/ncurses/current/

NO_TEST=security update of a dependency
NO_DOC=security update of a dependency

This is a backport of commit
https://github.com/postgres/postgres/commit/9d6077abf9d6efd992a59f05ef5aba981ea32096

It's standard for quicksort implementations, after having partitioned the
input into two subgroups, to recurse to process the smaller partition and
then handle the larger partition by iterating.  This method guarantees
that no more than log2(N) levels of recursion can be needed.  However,
Bentley and McIlroy argued that checking to see which partition is smaller
isn't worth the cycles, and so their code doesn't do that but just always
recurses on the left partition.  In most cases that's fine; but with
worst-case input we might need O(N) levels of recursion, and that means
that qsort could be driven to stack overflow.  Such an overflow seems to
be the only explanation for today's report from Yiqing Jin of a SIGSEGV
in med3_tuple while creating an index of a couple billion entries with a
very large maintenance_work_mem setting.  Therefore, let's spend the few
additional cycles and lines of code needed to choose the smaller partition
for recursion.

NO_DOC=bug fix
NO_TEST=backport

The current version of Luarocks used in tarantool has a
security vulnerability:
https://github.com/luarocks/luarocks/pull/1019

This issue is fixed in release 3.1.3, commit:
6ffa8cbe2bcdea2c1ee0f4b32291d179210707b6

Part of https://github.com/tarantool/security/issues/12

NO_DOC=bugfix
NO_TEST=bugfix
NO_CHANGELOG=bugfix

Bump tarantool submodule in tarantool-ee via pull requests:

* tarantool@master -> tarantool-ee@TarantoolBot/update-tarantool-master
* tarantool@2.10 -> tarantool-ee@TarantoolBot/update-tarantool-2.10

If there is an open PR already, it will be updated every time when
a new commit is pushed to tarantool@master or tarantool@2.10.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Closes tarantool/tarantool-ee#175

In most cases, NaN was treated as NULL. But in case NaN was returned as
a result of a Lua or C user defined function, it was considered a
double. After this patch, NaN will also be considered NULL in the
specified cases.

Closes #6374
Closes #6572

NO_DOC=bugfix

This patch makes the is_res_neg flag false in the sql_rem_int() function
if the left value is negative and the result is 0. Prior to this patch,
the value of the flag was true, which resulted in an assertion during
encoding 0 as MP_INT.

Closes #6575

NO_DOC=bugfix

The smallest positive double value is 2.225E-307, and the value before
the exponent has a maximum of 15 digits after the decimal point. This
means that double values cannot have more than 307 + 15 digits after
the decimal point.

After this patch, ROUND() will return its first argument unchanged if
the first argument is DOUBLE and the second argument is INTEGER greater
than 322.

Closes #6650

NO_DOC=bugfix

Compressed tuples aren't supposed to be seen outside memtx internals:
we always decompresses tuples before returning them to the user; tuples
are written decompressed to xlog. We should also decompress tuples
before writing them to a snapshot or sending them to a remote replica,
but currently we don't, which results in a crash trying to recover from
a snapshot that contains compressed spaces.

This patch fixes this by decompressing all tuples in snapshot iterator.
Since the decompressed tuples are allocated on the region, we should
also call fiber_gc() after each snapshot iterator iteration. Note that
the decompression is unconditional, i.e. we try to decompress all
tuples stored in an index. In general we can't figure out if a tuple is
compressed, because its format may be unavailable (when a tuple is
freed, its format_id is overwritten).

Needed for https://github.com/tarantool/tarantool-ee/issues/171

NO_DOC=bug fix
NO_TEST=ee
NO_CHANGELOG=ee

memtx_tuple_maybe_decompress calls memtx_tuple_decompress if the tuple
is compressed, otherwise it returns the tuple as is. Actually, the only
place we call memtx_tuple_decompress directly is memtx_tuple_validate,
but there we check if the tuple is compressed first so we could just as
well call memtx_tuple_maybe_decompress.

Let's make memtx_tuple_decompress work like memtx_tuple_maybe_decompress
and kill the latter.

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

@TarantoolBot document
Title: Fiber slice

Introduce fiber slices. Fiber slice is over if fiber is being
executed without yield longer than the value of the slice.
One can check if the slice is over. Also it is checked during
space iteration when one uses select/pairs/get methods and
before DML queries. Fiber slice consists of two parts: warning
and error slices. When warning slice is over, warning
"fiber has not yielded for more than <warn_slice> seconds"
will be written in log, and when error slice is over, an error
"FiberSliceIsExceeded: fiber slice is exceeded" will be
thrown. Default fiber slice is 0.5 sec for warning and 1.0 sec
for error.

Lua API:
slice = {warn = time_in_seconds, err = time_in_seconds}
- fiber.check_slice() - write in warn log if warning slice is over,
throw an error if error slice is over.
- fiber.set_max_slice([fib_id], slice) - set max slice to passed fiber,
otherwise set default max slice that will used by all fibers without
max slice. One can pass number instead of table to set error slice
and disable warning.
- fiber.set_slice(slice) - set slice for current fiber execution.
One can pass number instead of table to set error slice
and disable warning.
- fiber.extend_slice(slice) - extend slice of current fiber execution.
One can pass number instead of table to extend error slice only.

One can send SIGURG to an instance to set current slice to 0.
It will stop iteration over space.

Examples:

Using fiber slice to stop doing stuff.
```lua
fiber = require('fiber')
function fib_f()
    -- Run until condition is false or error slice is over.
    while condition do
        fiber.check_slice()
        do_stuff()
    end
end

fib = fiber.new(fib_f)
-- Set error slice 0.5 sec and no warning slice for our fiber.
fib:set_max_slice(0.5)
fib:set_joinable(true)
fib:join()
```

Using fiber slice to limit iteration in space.
```lua
fiber = require('fiber')
function fib_f()
    -- Full scan on a huge space will be stopped.
    box.space.huge_space:select{}
end

fib = fiber.new(fib_f)
-- Set error timeout 3 sec and warning timeout 0.2 sec for our fiber.
fib:set_max_slice({warn = 0.2, err = 3})
fib:set_joinable(true)
fib:join()
```

NO_TEST=no changes

The patch introduces opportunity for user to reset
slice of current fiber execution. It allows to limit
iteration in space with SIGURG.

NO_CHANGELOG=see later commits
NO_DOC=see later commits

Currently, there is no way to interrupt a long execution of a
request (such as s:select(nil)). This patch introduces this
opportunity.

Box will use fiber deadline timeout as a timeout for DML usage.
Thus, when deadline of current fiber is up, all DML requests will
end with a particular error.

Closes #6085

NO_CHANGELOG=see later commits
NO_DOC=see later commits

Part of #6085

NO_TEST=no behavior changes
NO_CHANGELOG=no behavior changes
NO_DOC=no behavior changes

This patch introduces execution time slice for fiber. Later, we will use
this mechanism to limit iteration in space.

Part of #6085

NO_CHANGELOG=see later commits
NO_DOC=see later commits

The Rust module [1] leans on several internal symbols. They were open in
Tarantool 2.8 (see #2971 and #5932), but never were in the public API.
Tarantool 2.10.0 hides the symbols and we need a way to get them back to
use in the module.

We have the following options:

1. Design and expose a module API for fiber channels.
2. Export the symbols with a prefix like `tnt_internal_` (to don't spoil
   the global namespace).
3. Provide a `dlsym()` alike function to get an address of an internal
   symbol for users who knows what they're doing.

I think that the third way offers the best compromise between amount of
effort, quality of the result and opportunities to extend. In this
commit I hardcoded the list of functions to make the change as safe as
possible. Later I'll return here to autogenerate the list.

Exported the following function from the tarantool executable:

```c
void *
tnt_internal_symbol(const char *name);
```

I don't add it into the module API headers, because the function is to
perform a dark magic and we don't suggest it for users.

While I'm here, added `static` to a couple of fiber channel functions,
which are only used within the compilation unit.

[1]: https://github.com/picodata/tarantool-module

Part of #7228
Related to #6372

NO_DOC=don't advertize the dangerous API
NO_CHANGELOG=don't advertize the dangerous API

This patch adds missing `ninja` package to deps for FreeBSD and OSX
systems to provide possibility to use `ninja` as a build system on
them.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

The valid range for thread_id is [0, iproto_threads_count - 1].

Closes #7196

NO_DOC=bugfix

If Tarantool tests fail in LuaJIT integration workflow used in
tarantool/luajit repository and LuaJIT submodule is already bumped in
tarantool/tarantool repository, one can't rerun the failed job since
"LuaJIT bump" step brings down the whole pipeline with "nothing to
commit" reason.

There are still many flaky tests, so to make this integration workflow
rerunnable from tarantool/luajit repository --allow-empty option is
added to the git commit command.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Reviewed-by: Sergey Kaplun <skaplun@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>