Fixes:

1. Don't try to use known authentication plugins to check correctness of the previous plugins. One more place to log record about failed authentication.
2. Fixed CORE-5758: Fixed issue: Database is corrupted when conflicting "starting at page" values is specified for secondary files. Raise error when conflicting "starting at page" values is specified for secondary database files
3. Avoid inifinity loop inside vsnpintf on buggy glibc
4. Fix external engine memory leaks
5. Fixed generate ephem key with alg GOST-2012
6. Fixed building SQL queries to change a calculated fields
7. Fix multifactor authentication when logging as Trusted
8. Fixed "request synchronization error" when LDAP user works with roles
9. Fixed reading configuration and starting new system sessions
10. Set default SQL security for database has no effect
11. Fixed TempPageSpaceId generation: make it below FILE_PAGE_SPACE value
12. Set world-accessible permissions on systemd service file to avoid spam messages in system log
13. Fix isc_dpb_hw_address value as been in 2.x version
14. Fixed printing OS error when operation with a file BLOB fails
15. Don't skip next plugin if previous one has not sent data
16. Fix ODS for new fields of RedDatabase in system tables
17. Fixed log message about changing database "PageBuffers" value
18. Use the hash method from the configuration instead of hardcoded value
19. Fixed CORE-5955: Unable to init binreloc with ld >= 2.31
20. Fixed re-generation GUID in backup utility
21. Fixed wiping of the files to be deleted
22. Fixed CORE-5823: No permission for SELECT access to blob field in stored procedure
23. Fixed CORE-5841: No permission for SELECT access to TABLE PLG$SRP in newer snapshot
24. Add output error if metadata signature failed
25. Use 64bit value to count records during backup/restore
26. Display error when opening Firebird database
27. SQL SECURITY DEFINER context is not properly evaluated for monitoring tables
28. Fixed infinity while building external access list
29. Increased maximum size of the certificate owner name and fixed bug with calculating its length
30. Additional fix for CORE-6045: TraceManager::update_sessions can fail on shutdown so try to protect it with mutex
31. Now we user EffectiveUserId instead of current

Improvements:

1. Ability to authenticate using certificate in "EXECUTE STATEMENT ... ON EXTERNAL DATA SOURCE". "CERTIFICATE" and "PIN" tokens added to the clause.
2. Stop database restore with -o option when no space left on disk
3. Added GBAK option "-KEEP_DATA"
4. Option "-q" of the lock print described in its help
5. Improved function REGEXP_SUBSTR and class SimilarToMatcher.
6. When password is changing try to use a manager that matches the authentication plugin
7. Added context variable AUTH_PLUGIN in AUTHDATA namespace
8. Added rdbAuth LDAP schema and LDIF file
9. Add SQL scripts for recovery legacy and multifactor passwords
10. Implemented two versions of crypto plugin crypto_api_sec - without CryptDeriveKey, CryptEncrypt and CryptDecrypt functions
11. Request only required attributes when searching LDAP
12. Add "CREATE OR ALTER" clause for policy syntax
13. Altering computed fields. If a field changes and it has calculated dependencies, it's necessary to recalculate them. Now, recalculation is performed only for string fields and provided that a types of the calculated field and the query are the same, since cannot convert integer type to string type, etc
14. All "SrpXYZ" auth methods are considered as "Srp" plugin
15. Use --as-needed for linking to avoid unneded dependencies
16. Improvements in documentation

Fixes and improvements in built-in replication:

1. Fix multiple records in MON$REPLICATIONS table on the replica
2. Fix query for search unique indexes of tables if fbrepldiff utility
3. Fix use option -C in fbrepldiff utility
4. Frontported fix for the master-slave inconsistency/corruption after errors during commit
5. Fix archive timeout use in seconds
6. Increase catch-up timeout
7. Correct output when happened error in fbrepldiff utility
8. Create control file if doesn't exists in fbreplmgr utility
9. Changing use force flag in the fblogmgr utility. Set FULL state the segment from ARCH state only if archive number of sequence is specified

Updated fbjava-lucene to 2.0.6.

Changes since 2.0.3:

• fbjava-lucene 2.0.6
• Initialize Tika parser once when on creating DocumentIndex instance. This fix improve performance of index/reindex by an orders
• Check if blob empty and do not try to parse it. Tika parser do not like empty streams
• fbjava-lucene 2.0.5
• Copy description blob instead direct inserting
• fbjava_lucene 2.0.4
• Better handle identifiers symbols case in FTS$* functions and procedures Now, by default all identifiers uppercased, so FTS$CREATE_INDEX('UpPeRcAsEd', ... will create index 'UPPSERCASED', and FTS$ADD_FIELD_TO_INDEX('uppercased', 'test', 'str') will add field 'STR' from table 'TEST' to index 'UPPERCASED'. To force symbols treat as is, identifiers should be wrapped with '"'. FTS$ADD_FIELD_TO_INDEX('"lowercased"', '"Test"', '"str"') will add field 'str' from table 'Test' to index 'lowercased'.
• fbjava_lucene 2.0.3
• Updated dependencies with known security vulnerabilities

Updated fbjava to 1.1.2:

1. Remove debug code which lead to memory leaks

Ported from Firebird:

1. Backported CORE-6031: Little valgrind memory leak in isc_attach_database
2. Postfix for CORE-6028, thanks to Adriano
3. Backported CORE-6028: Trigger on system table restored in FB3 database and can't be deleted
4. Fixed CORE-6026 - Alignment issue with FB_MESSAGE C++ macro (as well UDR macros) and BIGINT/DECFLOAT types in Linux 32-bits.
5. Backported CORE-6015: Segfault when using expression index with complex expression
6. Backported CORE-6009: I/O error during "open" operation for file "/tmp/firebird/fb_trace_*" in firebird.log
7. Backported CORE-6007: Firebird does not build on Mac with fresh toolchain
8. Backported CORE-6004: Don't assign new socket handle becore socket is connected
9. Backported CORE-6004: Use correct definition for missing socket value
10. Backported CORE-6004: Add a switch to disable the "TCP Loopback Fast Path" option
11. Fixed CORE-5972 - External engine trigger crashing server if table have computed field.
12. Fixed bug CORE-5995 : Creator user name is empty in user trace sessions
13. Fixed bug CORE-5993 : When creation of audit log file fails, there is no error message in firebird.log
14. Fixed bug CORE-5991 : Trace could not work correctly with quoted file names in trace configurations
15. Backported CORE-5985: Regression: ROLE does not passed in ES/EDS (specifying it in the statement is ignored)
16. Fixed missing monitoring for the crypt thread
17. Backported fix for CORE-5989
18. Backported fix for CORE-5982
19. Fixed CORE-5986 - Incorrect evaluation of NULL IS [NOT] {FALSE | TRUE}.
20. Attempted to fix CORE-2440, CORE-5118 and CORE-5900 together (expression indices contain NULL keys after restore).
21. Fixed the database left attached (and the engine not unloaded) after error thrown from the beginning of the attach process (e.g. due to the engine shutdown in progress)
22. More reliable check for view vs table
23. Reworked Alex's solution for modern compilers (GCC 5/6)
24. Ported fix for bug CORE-5980 : Firebird 2.5.6 & 25.8 server crash
25. Backported CORE-5724: Add ability to use "install.sh -path /opt/my_path" without need to install FB first in the default folder ("/opt/firebird")
26. This should fix CORE-5395: Invalid data type for negation (minus operator)
27. Attempt to fix CORE-5070, CORE-5795, CORE-5845, CORE-5965 with a single shot
28. Fixed CORE-5966: Slow performance when executing SQL scripts as non-SYSDBA user
29. Backport fix for bug CORE-5959 : Firebird returns wrong time after changes of time zone
30. Enable "Enhance Optimized Debugging" to produce more useful debug info (.pdb files)
31. Added context variable to indicate database as replica
32. Fixed possible corruption of the monitoring shared data
33. Fixed CORE-5943: Server crashes preparing a query with both DISTINCT/ORDER BY and non-field expression in the select list
34. Backported CORE-5741: Word "fixing" in gbak output is too scary
35. Backported CORE-5950: Deadlock when attaching to bugchecked database
36. Fixed bug CORE-5949 : Bugcheck could happen when read-only database with non-zero linger is set to read-write mode
37. Backported CORE-5948: Make WIN_SSPI plugin produce keys for wirecrypt plugin
38. Backported CORE-5639: Mapping rule using WIN_SSPI plugin: windows user group conversion to firebird role does not work
39. Implement sub-task CORE-5913 : Add context variables with compression and encryption status of current connection
40. Additional fix for bug CORE-5436 : [FB3 SC] Server hangs (under load test). The case when main thread convert still not acquired lock when AST thread assert locks. It leads to the error: Fatal lock manager error: invalid lock id (0)
41. Fixed bug CORE-5911 : Connection could hung after no activity for 60 seconds
42. Fix CORE-5905 - Inconsistencies with PSQL FUNCTION vs UDF.
43. Backported CORE-5908: Enhance dynamic libraries loading related error messages
44. Applied modified patch from Damyan fixing piped decompression
45. Avoid races in YObject::destroy()
46. Unify memory allocation in verb_post.
47. This should fix memory leak when not fully initialized attachment killed by DBA
48. This should fix crash when not fully initialized attachment killed by DBA. For example - sweep (it happens few times when running core_4337.fbt).
49. Backported CORE-5793: Error returned from DbCryptPlugin::setKey() is not shown
50. Backported CORE-5860: Support auth_plugin_list dpb/spb item from application to client
51. Backported CORE-5904: An attempt to create global mapping with long (> SQL identifier length) FROM field fails
52. Fixed bug CORE-5898 : ROLE not passed in EXECUTE STATEMENT ... ON EXTERNAL
53. This should fix a bug CORE-5902 : Add Firebird Event fails with error "While isc_que_events - Failed to establish a secondary connection for event processing."
54. Backported CORE-5886: Nbackup does not work after 32K of backups iterations
55. Backported CORE-5900: Banned during engine shutdown threads cause unwanted delays when shutting server
56. Backported changes in memory leaks debugging code
57. Backported CORE-5899: Memory leak in GBAK code when used as service
58. Backported CORE-5893:gbak may crash database when mixing alias with full database name
59. Avoid crash due to executing already unloaded code (in attachmentShutdownThread). Probably, same trick should be used in all threads, started not by Dispatcher, which could run after its module is unloaded concurrently. So far, it looks like Windows specific.
60. Avoid race condition in cancel_operation() when client connection breaks immediately after op_detach.
61. Avoid race condition (with AV) when YEvents object references is released concurrently
62. Fix incorrect reference counting for EventManager object. It leads to the crash due to attempt to execute code (watcher_thread) after engine DLL is unloaded.
63. Avoid double delete of ThreadSync object
64. Clear events of dead process, not our own
65. Backported fix of segfault in special build.
66. Backported CORE-5884: Initial global mapping from srp plugin does not work
67. Backported CORE-5876: Provide name of udf function for "arithmetic exception, numeric overflow, or string truncation"
68. Backported CORE-5881: Network server ignores any error that took place in KeyHolderPlugin when establishing initial callback with client
69. Reintroduce optimisation for 64bit build after commit of alignment fix (CORE-5865) 32bit build O2 optimisation too
70. Backported fix for CORE-5865: Alignment error on x86_64
71. This should fix bug CORE-5844 : Firebird freeze for new connections
72. Ability to specify "FROM" user name in mapping using regular expression
73. Correct condition when mapped file of monitoring data should be removed.
74. Fixed memory corruption found when run test bugs.5674 in Classic mode using debug build.
75. Improvement CORE-5853 - Forward-compatible expressions LOCALTIME and LOCALTIMESTAMP.
76. Code cleanup - this should fix MacOS build
77. Update MacOS postfix for CORE-304
78. Port forward fix for bug CORE-5936 : Firebird server segfaults in the end of database backup. While i can't reproduce bug on v3, it will make no harm.
79. Backported CORE-5927: With some non-standard authentication plugins providing correct crypt key wire anyway remains not encrypted
80. Backported CORE-5926: Attempt to create mapping with non-ascii user name which is encoded in SINGLE-BYTE codepage (win 1251) leads to '-Malformed string' message
81. Backported CORE-5918: Memory pool statistics is not accurate
82. Backported CORE-5907: Regression: can not launch trace if its 'database' section contains regexp pattern with curvy brackets to enclose quantifier
83. Fixed bug CORE-5935 : Bugcheck 165 (cannot find tip page)
84. Backported CORE-5888: Firebird server on Android has problem with numerics
85. Backported fix for android port - some kernels accept only PIE binaries
86. Postfix for CORE-5474, more generic way to check for actual library name
87. Bug fix for CORE-5074 [B3_0]
88. Common implemetation for MAKE_desc_from_field and MAKE_desc_from_element.
89. Make it possible to build with VS 2017/2019 (with VS 2015 compiler installed).
90. Fixed CORE-6065 - Windows kits does have incomplete include headers directory.
91. Fast bug fix for CORE-6063 [backport]. Server does not return result of own work (name of next auth-plugin).
92. Re-enable building udrcpp_example on Windows
93. Addition for CORE-6043 : GTTs do not release used space
94. Avoid races at PAG_release\PAG_allocate
95. Backported fix for bug CORE-3925 : Creating self-referential FK crashes database (bug-check) whether constraint violation had place
96. This should fix CORE-6050, wait for confirmation from user
97. Backported CORE-6038: Srp user manager sporadically creates users which can not attach
98. Fixed CORE-6040 - Metadata script extracted using ISQL is invalid/incorrect when table has COMPUTED BY field.
99. Fixed bug CORE-6043 : GTTs do not release used space
100. Backported CORE-6045: Segmentation fault in fbtracemgr when closing it using Ctrl-C
101. Cleanup - that long ago deprecated file was removed from OS
102. Backported CORE-6027: Server hang on new attachment right after trace session stop
103. SHA2 Refactoring
104. Fixed bug CORE-6067 : Memory leak in fbclient
105. Improve diagnostics of internal trace errors (see CORE-3413 and CORE-6075)