- Feb 27, 2023
-
-
Maksim Kokryashkin authored
This commit adds the RFC for the sysprof that was approved a year ago. Part of #781 NO_DOC=RFC NO_TEST=RFC NO_CHANGELOG=RFC (cherry picked from commit 958a1503)
-
- Feb 22, 2023
-
-
Nikolay Shirokovskiy authored
When calculating `rows_index` in `netbox_decode_execute` etc we use implementation defined behavior of compiler. `i < mapsize` and this is fine according to standard as unsigned arithmetic is well defined on overflows. But then we cast the result to int and this is implementation defined as the result can not be represented by int. Closes https://github.com/tarantool/security/issues/98 NO_DOC=minor NO_TEST=minor NO_CHANGELOG=minor (cherry picked from commit baba38e6)
-
- Feb 20, 2023
-
-
Kirill Yukhin authored
Generate changelog for 2.10.5 release. Also, clean changelogs/unreleased folder. NO_DOC=no code changes NO_TEST=no code changes NO_CHANGELOG=no code changes
-
Pavel Semyonov authored
Proofread changelogs for 2.10.5 Fix grammar, punctuation, and wording NO_CHANGELOG=changelog NO_DOC=changelog NO_TEST=changelog
-
Igor Munkin authored
* ci: add LUAJIT_ENABLE_CHECKHOOK for exotic matrix
* ci: add ARM64 architecture to exotic testing
* ci: update action/checkout to v3
* Fix os.date() for wider libc strftime() compatibility.
* x86/x64: Fix loop realignment.
* ci: introduce workflow for exotic builds
* sysprof: fix interval parsing in dual-number mode
* test: add test for `string.format('%c', 0)`
* ci: drop obsolete arguments for LuaJIT integration
* ci: stop using Ninja for integration testing
Part of #8069 NO_DOC=LuaJIT submodule bump NO_TEST=LuaJIT submodule bump
-
- Feb 17, 2023
-
-
Aleksandr Lyapunov authored
Check allocation and deallocation of different sizes of functional index function result. Follow-up #6786 NO_DOC=test NO_CHANGELOG=test (cherry picked from commit 6e9513d6)
-
Aleksandr Lyapunov authored
When function of a functional index is called, the result is stored in memtx allocator chunks among data tuples. By design, memtx allocator requires size of allocation for deallocation, so the size has to be stored along with the data (actually right before it). By mistake, when being deleted, the size of data was retrieved slightly wrong, giving the value of 4 bytes less. Due to the allocator specific design the size error leads to rare crashes when the size of functional index function result was about 160 bytes (157..160 bytes with default config). It seems that sizes about 320 etc are affected too. Fix it by correct size evaluation of functional index chunks. Hotfix of #6786 NO_DOC=bug fix NO_TEST=see later commits
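Added example, not Tarantool's code: a model of the failure described in the commit message above, where a chunk is freed with a size 4 bytes smaller than it was allocated with, showing why only a narrow band of sizes ends up in the wrong size class. The 4-byte header, the class limits 160/320/640 and all function names are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the size is kept in a 4-byte header right before the data. */
#define HDR_SIZE sizeof(uint32_t)
/* Constructed class limits; real ones depend on the allocator config. */
static const size_t size_classes[] = {160, 320, 640};
#define N_CLASSES (sizeof(size_classes) / sizeof(size_classes[0]))

/* Index of the smallest class that fits `size`, or -1 if none does. */
int class_of(size_t size)
{
	for (size_t i = 0; i < N_CLASSES; i++)
		if (size <= size_classes[i])
			return (int)i;
	return -1;
}

/* Size passed to the allocator when the chunk is created. */
size_t alloc_size(uint32_t data_size) { return HDR_SIZE + data_size; }
/* Size passed on free before the fix: 4 bytes less than allocated. */
size_t free_size_buggy(uint32_t data_size) { return alloc_size(data_size) - 4; }
/* Size passed on free after the fix: the same value as on allocation. */
size_t free_size_fixed(uint32_t data_size) { return alloc_size(data_size); }

/* Count data sizes in [lo, hi] freed into a class other than the one allocated from. */
int count_misrouted(size_t (*free_size)(uint32_t), uint32_t lo,
		    uint32_t hi, uint32_t *first, uint32_t *last)
{
	int n = 0;
	for (uint32_t s = lo; s <= hi; s++) {
		if (class_of(alloc_size(s)) == class_of(free_size(s)))
			continue;
		if (n++ == 0)
			*first = s;
		*last = s;
	}
	return n;
}

int main(void)
{
	uint32_t first = 0, last = 0;
	int n = count_misrouted(free_size_buggy, 1, 400, &first, &last);
	printf("buggy free: %d sizes misrouted (%u..%u)\n", n, (unsigned)first, (unsigned)last);
	printf("fixed free: %d\n", count_misrouted(free_size_fixed, 1, 400, &first, &last));
	return 0;
}
```

With these constructed limits, only data sizes whose chunk crosses a class boundary because of the 4 missing bytes are misrouted; every other size is freed into the class it came from, which is why such a bug surfaces rarely.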
-
Vladimir Davydov authored
Fixes commit 837b0948 ("box: handle region_alloc failure in tuple_field_map_create_plain"). NO_DOC=build fix NO_TEST=build fix NO_CHANGELOG=build fix
-
Vladimir Davydov authored
Let's use xregion_alloc instead of region_alloc, because memory allocations from fiber region shouldn't normally fail, see #3534. Closes tarantool/security#97 NO_DOC=bug fix NO_TEST=shouldn't normally happen NO_CHANGELOG=see NO_TEST (cherry picked from commit c690d708)
-
Pavel Balaev authored
This patch fixes potential read of uninitialized variable in history_truncate_file() Fixed in upstream: https://git.savannah.gnu.org/cgit/readline.git/commit/?h=devel&id=b4ebdc06601fb54297435d2e286d901cba1cd6c6 Closes tarantool/security#95 NO_DOC=security NO_TEST=security NO_CHANGELOG=security (cherry picked from commit 2087154a)
-
Pavel Balaev authored
n_ssl3_mac(): Fix possible divide by zero. Fixed in openssl3: https://github.com/openssl/openssl/commit/624efd2ba6f1dabdcdecf17c77bd206c421efdaf Closes tarantool/security#90 NO_DOC=security NO_TEST=security NO_CHANGELOG=security (cherry picked from commit cf0d3203)
-
- Feb 16, 2023
-
- Feb 15, 2023
-
-
Nikolay Shirokovskiy authored
Bump test-run to new version with the following improvements:
- Bump luatest to 0.5.7-27-g42d4e24 [1]
[1] tarantool/test-run@ea517ac
NO_DOC=testing stuff NO_TEST=testing stuff NO_CHANGELOG=testing stuff (cherry picked from commit ba7b967e)
-
Mergen Imeev authored
This patch adds a type check of the first argument of the tuple_field_by_path() function. Closes tarantool/security#82 NO_DOC=internal NO_TEST=internal NO_CHANGELOG=internal (cherry picked from commit 0d9213aa)
-
Nikita Zheleztsov authored
If `dynamic_cast` fails, then NULL is returned. Even though assertion is set, we cannot rely on it, as we don't use debug version of icu. Let's check if `rbnf` variable is not NULL explicitly. If it somehow turned out to be NULL, then memory allocation error will be thrown. Closes tarantool/security#61 NO_CHANGELOG=<security fix> NO_DOC=<security fix> NO_TEST=<third-party security fix> (cherry picked from commit 62bb71cf)
-
Nikita Zheleztsov authored
According to the business logic and assertions `idx` and `data32` variables cannot be equal to NULL at the same time. However, we cannot rely on assertions. Let's check that explicitly. If this situation occurs somehow the function exits as we cannot recover from this situation: we don't have sources, from which values for enumeration can be taken. Moreover, continuing of the code execution in such a situation may lead to accessing NULL if `c<limit`. Closes tarantool/security#59 NO_CHANGELOG=<security fix> NO_DOC=<security fix> NO_TEST=<third-party security fix> (cherry picked from commit 73b01ea5)
-
Ilya Verbin authored
Bump the small submodule and use small_getpagesize(), which is a wrapper over sysconf(_SC_PAGESIZE) with a proper error checking. Closes tarantool/security#78 NO_DOC=refactoring NO_TEST=refactoring NO_CHANGELOG=refactoring (cherry picked from commit 7932144d)
-
Ilya Verbin authored
obuf_alloc(&log->zbuf, XLOG_FIXHEADER_SIZE) can potentially fail, because there is no obuf_reserve() prior to it. Closes tarantool/security#74 NO_DOC=bugfix NO_CHANGELOG=bugfix NO_TEST=no test harness for checking OOM (cherry picked from commit 32dfcb3c)
-
Vladimir Davydov authored
The YAML serializer fails to detect aliases in objects returned by the __serialize method:

  tarantool> x = {}
  ---
  ...

  tarantool> {a = x, b = x}
  ---
  - a: &0 []
    b: *0
  ...

  tarantool> setmetatable({}, {
           >     __serialize = function() return {a = x, b = x} end,
           > })
  ---
  - a: []
    b: []
  ...

Fix this by scanning the object returned by the __serialize method (called by luaL_checkfield) for references. Closes #8240 NO_DOC=bug fix (cherry picked from commit b42302f5)
-
Vladimir Davydov authored
The YAML format supports aliasing - if the same object is referenced more than once, it will be encoded in one place with other places being turned to references:

  tarantool> x = {}
  ---
  ...

  tarantool> {a = x, b = x}
  ---
  - a: &0 []
    b: *0
  ...

This feature is useful for dumping a space list (e.g. box.space) to the console, because each space is referenced by name and id. However, it doesn't work if the referenced object implements the __serialize method:

  tarantool> x = setmetatable({}, {
           >     __serialize = function() return {} end,
           > })
  ---
  ...

  tarantool> {a = x, b = x}
  ---
  - a: []
    b: []
  ...

This happens because we check for aliases in dump_array and dump_table (with get_yaml_anchor), after calling the __serialize method via luaL_checkfield. Since the __serialize method may (and usually does) return a different object on each invocation, aliases aren't detected. Let's fix it by calling alias detection (get_yaml_anchor) before luaL_checkfield and passing the anchor to dump_table/dump_array. Needed for https://github.com/tarantool/tarantool-ee/issues/221 Part of #8240 NO_DOC=bug fix NO_CHANGELOG=next commit (cherry picked from commit 310de56f)
-
- Feb 14, 2023
-
-
Alexander Turenko authored
It was possible to execute arbitrary Lua code outside of the setfenv() environment. Example:

NO_WRAP
```lua
tarantool> box.cfg{replication_synchro_quorum = [=[N / 2 + 1]] _G.test = true --[[]=]}
tarantool> test
---
- true
...
```
NO_WRAP

How it works:

```lua
local expr = [[%s]]
```

Let's assume that `%s` is replaced by `]]<..code..>--[[`. The result is the following (newlines are added for readability):

```lua
local expr = [[]]
<..code..>
--[[]]
```

This code is executed outside of the setfenv() protected function. The fix is to pass the expression as an argument instead of using `snprintf()`. Fixes https://github.com/tarantool/security/issues/20 Fixes GHSA-74jr-2fq7-vp42 NO_DOC=bugfix
-
Ilya Verbin authored
Sometimes the return value of cfg_gets() is checked for NULL, and sometimes not. Actually this is intended, although a bit confusing. If an option can have a nil value, it must be checked for NULL, but if it can't be nil, there is no sense in it. The nil value can be assigned only by default, it cannot be set via box.cfg{}. This patch removes the NULL checks for cfg_gets("election_mode") and cfg_gets("election_fencing_mode") because they are not nil by default. All other non-nil options (e.g. cfg_gets("bootstrap_strategy")) are already implemented without the NULL checks. Follow-up tarantool/security#75 NO_DOC=refactoring NO_TEST=refactoring NO_CHANGELOG=refactoring (cherry picked from commit 5a2dc43c)
-
- Feb 13, 2023
-
-
Georgiy Lebedev authored
`mpstream_encode_double`, apparently, has a typo: the result of `mpstream_reserve` is checked after encoding the double into the result buffer — fix it. Closes tarantool/security#63 NO_DOC=bug fix NO_CHANGELOG=see NO_TEST NO_TEST=unlikely to happen because malloc shouldn't normally fail, and we don't test other mpstream methods for OOM either (cherry picked from commit ccf3130c)
-
Vladimir Davydov authored
- Use tabs instead of spaces as we usually do.
- Drop pointless conversion of (void *) to (char *).
- Add missing comments to struct mpstream members.
- Cleanup header list.
- Use short licence.
NO_DOC=code cleanup NO_TEST=code cleanup NO_CHANGELOG=code cleanup (cherry picked from commit c2b76592)
-
Georgiy Lebedev authored
`fiber_new_system` can potentially fail — its return value for the watcher fiber must be checked and an exception must be raised in case it does fail. Closes tarantool/security#87 NO_CHANGELOG=<security fix> NO_DOC=<security fix> NO_TEST=<no test harness for checking OOM> (cherry picked from commit e9fad4c7)
-
Mergen Imeev authored
This patch fixes an issue with checking the result of sql_get_coll_seq() in sql_expr_coll(). This fix only changes the error if the collation combination is invalid because sql_get_coll_seq() sets the is_aborted flag and error will be thrown in any case. Closes tarantool/security#80 NO_DOC=change of returned error in rare case NO_CHANGELOG=change of returned error in rare case (cherry picked from commit e9f1beab)
-
Georgiy Lebedev authored
`set_client_ciphersuite` can potentially dereference NULL if the session's cipher is not set — add a check for this condition. Closes tarantool/security#27 NO_CHANGELOG=<security fix> NO_DOC=<security fix> NO_TEST=<third-party security fix> (cherry picked from commit a8c6c27c)
-
Serge Petrenko authored
The main cord's event loop is initialized by fiber_init(), but for some reason successful initialization is only checked in main() after other initialization code might try to use the event loop already. For example, some of the loop users are coio_enable(), signal_init(), tarantool_lua_init(), and they are all run before we actually check that loop is not NULL. Closes tarantool/security#28 NO_DOC=code health NO_TEST=code health NO_CHANGELOG=code health (cherry picked from commit 579ac6d3)
-
Mergen Imeev authored
This patch replaces malloc() with xmalloc() in key_def_dup() to avoid the possibility of skipping the malloc() return value check. Closes tarantool/security#81 NO_DOC=refactoring NO_TEST=refactoring NO_CHANGELOG=refactoring (cherry picked from commit 8ca94313)
-
Vladimir Davydov authored
The problem is if cat fails, because a patch file doesn't exist, PATCH_COMMAND written like this won't detect it, because the last command (patch) will complete successfully (apply existing patches found by cat):

  cat XXX.patch YYY.patch | patch -p1

The proper way is to use PATCH_COMMAND continuation:

  PATCH_COMMAND patch -p1 -i XXX.patch
  COMMAND patch -p1 -i YYY.patch

NO_DOC=build NO_TEST=build NO_CHANGELOG=build (cherry picked from commit 9549310d)
-
- Feb 10, 2023
-
-
Yaroslav Lobankov authored
- Drop testing for macOS 11 since macOS 13 is now available
- Add missing testing for macOS 12:
  - debug build (x86_64)
  - debug, release, and static-cmake builds (aarch64)
- Add testing for macOS 13:
  - debug, release, release-lto, and static-cmake builds (x86_64)
  - debug, release, release-lto, and static-cmake builds (aarch64)
Closes #6739 Closes tarantool/tarantool-qa#301 NO_DOC=ci NO_TEST=ci NO_CHANGELOG=ci (cherry picked from commit a13504d8)
-
Pavel Balaev authored
tls_construct_ctos_session_ticket() has a potential NULL pointer dereference. Closes tarantool/security#54 NO_DOC=security NO_TEST=security NO_CHANGELOG=security (cherry picked from commit 639ec224)
-
Andrey Saranchin authored
Now, delete in ephemeral space is obviously incorrect - if we try to delete a tuple, which is not present in index, NULL dereference will happen. Fortunately, ephemeral spaces are used for internal purposes only, so, most likely, this never happens. Let's fix this part not to confuse code analyzers. Closes https://github.com/tarantool/security/issues/38 NO_TEST=shouldn't normally happen NO_CHANGELOG=shouldn't normally happen NO_DOC=shouldn't normally happen (cherry picked from commit a2d5e54e)
-
Vladimir Davydov authored
Sometimes, we only need to test static-build, e.g. when we apply a patch to a third party sub-project. Let's introduce a new label to run the ci checks faster in this case. NO_DOC=ci NO_TEST=ci NO_CHANGELOG=ci (cherry picked from commit 09a77cd7)
-
Vladimir Davydov authored
We're going to add a whole bunch of them. Putting them all in a sub-directory will help keeping the file tree organized. Note, we have to update .gitignore so that the patches/ sub-directory is ignored only at the top level (it's used by quilt). NO_DOC=build NO_TEST=build NO_CHANGELOG=build (cherry picked from commit b8ec809e)
-
- Feb 09, 2023
-
-
Ilya Verbin authored
This is useful for example for the analysis of performance complaints from users, when they claim that one version of Tarantool is slower than another, in fact comparing debug and release builds. NO_DOC=minor change NO_TEST=minor change (cherry picked from commit 45576088)
-
- Feb 08, 2023
-
-
Ilya Verbin authored
When log format is JSON and a Lua table is written to the log, such messages are saved by the flight recorder as a "json" string. Fix it. Part of tarantool/tarantool-ee#325 NO_DOC=bugfix NO_TEST=will be added to EE, because there are no flightrec in CE NO_CHANGELOG=will be added to EE, because there are no flightrec in CE
-
- Feb 07, 2023
-
-
Georgiy Lebedev authored
Bitset index size calculation uses the cardinality of the 'flag' bitset, but when the bitset index is empty, i.e., uninitialized, the 'flag' bitset is not allocated, hence we should simply return 0. Closes #5809 NO_DOC=bugfix (cherry picked from commit d542a01a)
-
- Feb 06, 2023
-
-
Oleg Chaplashkin authored
After adding the autorequiring luatest [1,2], there is no need to use the following approach now:

```
local t = require('luatest')
local g = t.group()

server:exec(function()
    local t = require('luatest') -- duplicate
    t.assert(...)
end)
```

Modern approach looks like:

```
local t = require('luatest')
local g = t.group()

-- `t` already available in the remote server
server:exec(function()
    t.assert(...)
end)

-- also it works with any variable
local my_custom_t = require('luatest')

server:exec(function()
    my_custom_t.assert(...) -- already available
end)
```

[1] tarantool/luatest#277
[2] tarantool/luatest#289

Part of tarantool/luatest#233 NO_DOC=test fix NO_TEST=test fix NO_CHANGELOG=test fix (cherry picked from commit 98dd8e69)
-