Red Database 3.0 - v3.0.5.1

Jan. 22, 2020, 11:58 a.m.



  1. If "RDB$ADMIN" role is granted to user pass it to a user manager and allow to alter LDAP users
  2. Handle exceptions when updating failed attempts count. It should fix wrong success of authentication process.
  3. Clean password in case of error when searching LDAP user in order to stop authentication
  4. Fixed assigning roles granted to LDAP roles
  5. Fixed parsing of multi-line string values in CSV adapter
  6. Updated description of -ig option in gbak help
  7. fts.sql and fts_permissions.sql moved to misc
  8. Don't try to use known authentication plugins to check correctness of the previous plugins. One more place to log record about failed authentication.
  9. Fixed CORE-5758: Fixed issue: Database is corrupted when conflicting "starting at page" values is specified for secondary files. Raise error when conflicting "starting at page" values is specified for secondary database files
  10. Avoid inifinity loop inside vsnpintf on buggy glibc
  11. Fix external engine memory leaks
  12. Fixed generate ephem key with alg GOST-2012
  13. Fixed building SQL queries to change a calculated fields
  14. Fix multifactor authentication when logging as Trusted
  15. Fixed "request synchronization error" when LDAP user works with roles
  16. Fixed reading configuration and starting new system sessions
  17. Set default SQL security for database has no effect
  18. Fixed TempPageSpaceId generation: make it below FILE_PAGE_SPACE value
  19. Set world-accessible permissions on systemd service file to avoid spam messages in system log
  20. Fix isc_dpb_hw_address value as been in 2.x version
  21. Fixed printing OS error when operation with a file BLOB fails
  22. Don't skip next plugin if previous one has not sent data
  23. Fix ODS for new fields of RedDatabase in system tables
  24. Fixed log message about changing database "PageBuffers" value
  25. Use the hash method from the configuration instead of hardcoded value
  26. Fixed CORE-5955: Unable to init binreloc with ld >= 2.31
  27. Fixed re-generation GUID in backup utility
  28. Fixed wiping of the files to be deleted
  29. Fixed CORE-5823: No permission for SELECT access to blob field in stored procedure
  30. Fixed CORE-5841: No permission for SELECT access to TABLE PLG$SRP in newer snapshot
  31. Add output error if metadata signature failed
  32. Use 64bit value to count records during backup/restore
  33. Display error when opening Firebird database
  34. SQL SECURITY DEFINER context is not properly evaluated for monitoring tables
  35. Fixed infinity while building external access list
  36. Increased maximum size of the certificate owner name and fixed bug with calculating its length
  37. Additional fix for CORE-6045: TraceManager::update_sessions can fail on shutdown so try to protect it with mutex
  38. Now we user EffectiveUserId instead of current
  39. Can't change user attributes without changing password.
  40. Fix deleted memory use in optimizer
  41. Fix wipe memory after merging 077a2a3b from firebird.
  42. If BugcheckAbort is enabled try to create memory dump in case of critical lock manager error
  43. In case of direct IO use 4K page alignment because of some device requirements.
  44. CORE-6198: Wrong error checking for pread / pwrite calls
  45. Eliminated possibility of infinite loop in cases when changes in BLR are ignored by the server for some reason (see)
  46. Parsing 12-digit memory addresses. If gcc uses the -pie flag, need to consider that a memory address of executable file will be 12-digit, and executable file will be labeled as DYN.
  47. Check for existence of process file in hashgen
  48. Fixed registration of Srp plugins in Windows.
  49. Checking for opening executable memory in hashgen. If specified invalid process id on linux system, then program cannot open process memory and ends with segmentation fault
  50. Backport of the fix from the master branch: Now CREATE FUNCTION/PROCEDURE inside CREATE PACKAGE does not require CREATE FUNCTION/PROCEDURE privilege. It's not really necessary since there are no packages in 3.0 but the patch fixes TDBB_trusted_ddl flag reset. So let it be.
  51. Search for upgrade script in location found in registry when upgrading.
  52. Add fbtrace_* and jvm.args to upgrade script
  53. Fixed role disappearing from context variable, after changing role to unexisting
  54. SIMILAR TO expression can hang server
  55. Size of mapping shared memory increased to 4MB to avoid error "Global mapping memory overflow".
  56. Update prefix in installer scripts during installation
  57. Authentication using certificate doesn't work if there are the signature keys in a container
  58. GSS plugin on the server side can be executed before client one
  59. Use password in UTF16 encoding for sambaNTPassword calculating
  60. Change "sambaPwdLastSet" LDAP attribute when samba password has been changed
  61. Uninstaller now uninstall systemd unit


  1. Ability to authenticate using certificate in "EXECUTE STATEMENT ... ON EXTERNAL DATA SOURCE". "CERTIFICATE" and "PIN" tokens added to the clause.
  2. Stop database restore with -o option when no space left on disk
  3. Added GBAK option "-KEEP_DATA"
  4. Option "-q" of the lock print described in its help
  5. Improved function REGEXP_SUBSTR and class SimilarToMatcher.
  6. When password is changing try to use a manager that matches the authentication plugin
  7. Added context variable AUTH_PLUGIN in AUTHDATA namespace
  8. Added rdbAuth LDAP schema and LDIF file
  9. Add SQL scripts for recovery legacy and multifactor passwords
  10. Implemented two versions of crypto plugin crypto_api_sec - without CryptDeriveKey, CryptEncrypt and CryptDecrypt functions
  11. Request only required attributes when searching LDAP
  12. Add "CREATE OR ALTER" clause for policy syntax
  13. Altering computed fields. If a field changes and it has calculated dependencies, it's necessary to recalculate them. Now, recalculation is performed only for string fields and provided that a types of the calculated field and the query are the same, since cannot convert integer type to string type, etc
  14. All "SrpXYZ" auth methods are considered as "Srp" plugin
  15. Use --as-needed for linking to avoid unneded dependencies
  16. Implemented parsing of double-quoted strings in CSV adapter.
  17. Ported parameter "LoginFailureDelay" from 2.6.
  18. Allow to disable fields evaluating for external trigger. External trigger object now can give a hint to engine which fields will not be used and do not need to be evaluated. Properly implemented function getDoNotEvaluateField should return true, if field should not be evaluated. Index of field should start from 0. Index -1 reserved for all computed fields, so external trigger can ask engine do not evaluate computed fields.
  19. Output error messages to stderr in hashgen
  20. Switch -ig allows to continue restore when errors occur during parsing BLR of procedure, function or trigger
  21. Implemented CSV adapter for external tables
  22. Frontported left->inner conversion for joins
  23. Trusted user can attach to a database with a different login
  24. Transfer provider id to client
  25. Increased default cache size of the security DB
  26. Uninstaller now do not delete system user
  27. Drop obsolete qli and gsplit from build
  28. Drop LSB support in favor pure CentOS 6 build
  29. Tommath now linked statically
  30. Additions and fixes in documentation

Fixes and improvements in built-in replication:

  1. Fix multiple records in MON$REPLICATIONS table on the replica
  2. Fix query for search unique indexes of tables if fbrepldiff utility
  3. Fix use option -C in fbrepldiff utility
  4. Frontported fix for the master-slave inconsistency/corruption after errors during commit
  5. Fix archive timeout use in seconds
  6. Increase catch-up timeout
  7. Correct output when happened error in fbrepldiff utility
  8. Create control file if doesn't exists in fbreplmgr utility
  9. Changing use force flag in the fblogmgr utility. Set FULL state the segment from ARCH state only if archive number of sequence is specified

fbjava updated to 1.1.8. Changes in fbjava since 1.1.2:

  1. Do not cache permissions when accessed not from RDB context
  2. Fix loading roles list when role granted on role
  3. Cache user roles list and java permissions for current attachment.
  4. Ignore result type for trigger functions. We want some compatibility with JavaESPUDF at least for backup-restore
  5. Initial support for JRE 9+. Add new search path for libjvm. Do not restrict code from jrt://
  6. Support ExternalTrigger::getDoNotEvaluateField function. Fields which should not be evaluated can be passed through annotations: org.firebirdsql.fbjava.annotations.DoNotEvaluateComputedFields and org.firebirdsql.fbjava.annotations.DoNotEvaluateField
  7. Add EvaluateField annotation in addition to DoNotEvaluateField. If these annotations exists only fields from annotations will be evaluated. EvaluateField and DoNotEvaluateField (DoNotEvaluateComputedFields) are mutually exclusive. If both annotation present, RuntimeException will be raised.
  8. Getting all user roles to configure security Initially, only one role is taken - current_role. but it's not right. User can have many roles active, as access rights are configured using a combination of roles
  9. Support some substitutions inside first argument of java-security permission
  10. Remove debug code which lead to memory leaks

fbjava_lucene updated to 2.0.8: Changes in fbjava_lucene since 2.0.3:

  1. Add script with some basic permissions for java security
  2. Initialize Tika parser once when on creating DocumentIndex instance. This fix improve performance of index/reindex by an orders
  3. Check if blob empty and do not try to parse it. Tika parser do not like empty streams
  4. Copy description blob instead direct inserting
  5. Better handle identifiers symbols case in FTS$* functions and procedures Now, by default all identifiers uppercased, so FTS$CREATE_INDEX('UpPeRcAsEd', ... will create index 'UPPSERCASED', and FTS$ADD_FIELD_TO_INDEX('uppercased', 'test', 'str') will add field 'STR' from table 'TEST' to index 'UPPERCASED'. To force symbols treat as is, identifiers should be wrapped with '"'. FTS$ADD_FIELD_TO_INDEX('"lowercased"', '"Test"', '"str"') will add field 'str' from table 'Test' to index 'lowercased'.
  6. Updated dependencies with known security vulnerabilities
  7. Return short from indexFieldChange to fix backup restoring from 2.x. See This function will NOT work on FBJava, because it requires TriggerContext, but at least backup with such trigger can be restored.

Ported from Firebird:

  1. Avoid unnecessary operations in the destructor. This also prevents possible hangs in Classic builds.
  2. Backported CORE-6217: Wrong work with pointer: delete ptr; ptr=new ;
  3. Backported CORE-6221: Incorrect (throw-based) allocFunc for zlib
  4. Fixed races during shmem reattaching
  5. Attempted to fix the optimizer regression related to sorting vs compound indices
  6. Cast the parameters to match the API declaration. This removes warnings in the generated code.
  7. Fixed inconsistency between attachment/transaction states and their request states
  8. Fixed bug CORE-6204 : FB crash because TraceSvcJrd::checkPrivileges can pass NULL in 'alias'
  9. Backported CORE-6141: fbsvcmgr action_repair rpr_list_limbo_trans does not show list of transactions in LIMBO state
  10. This should fix regression for test core_0053.fbt
  11. Minor correction for Vlad's solution to CORE-4680
  12. Backported CORE-6031: Little valgrind memory leak in isc_attach_database
  13. Postfix for CORE-6028, thanks to Adriano
  14. Backported CORE-6028: Trigger on system table restored in FB3 database and can't be deleted
  15. Fixed CORE-6026 - Alignment issue with FB_MESSAGE C++ macro (as well UDR macros) and BIGINT/DECFLOAT types in Linux 32-bits.
  16. Backported CORE-6015: Segfault when using expression index with complex expression
  17. Backported CORE-6009: I/O error during "open" operation for file "/tmp/firebird/fb_trace_*" in firebird.log
  18. Backported CORE-6007: Firebird does not build on Mac with fresh toolchain
  19. Backported CORE-6004: Don't assign new socket handle becore socket is connected
  20. Backported CORE-6004: Use correct definition for missing socket value
  21. Backported CORE-6004: Add a switch to disable the "TCP Loopback Fast Path" option
  22. Fixed CORE-5972 - External engine trigger crashing server if table have computed field.
  23. Fixed bug CORE-5995 : Creator user name is empty in user trace sessions
  24. Fixed bug CORE-5993 : When creation of audit log file fails, there is no error message in firebird.log
  25. Fixed bug CORE-5991 : Trace could not work correctly with quoted file names in trace configurations
  26. Backported CORE-5985: Regression: ROLE does not passed in ES/EDS (specifying it in the statement is ignored)
  27. Fixed missing monitoring for the crypt thread
  28. Backported fix for CORE-5989
  29. Backported fix for CORE-5982
  30. Fixed CORE-5986 - Incorrect evaluation of NULL IS [NOT] {FALSE | TRUE}.
  31. Attempted to fix CORE-2440, CORE-5118 and CORE-5900 together (expression indices contain NULL keys after restore).
  32. Fixed the database left attached (and the engine not unloaded) after error thrown from the beginning of the attach process (e.g. due to the engine shutdown in progress)
  33. More reliable check for view vs table
  34. Reworked Alex's solution for modern compilers (GCC 5/6)
  35. Ported fix for bug CORE-5980 : Firebird 2.5.6 & 25.8 server crash
  36. Backported CORE-5724: Add ability to use " -path /opt/my_path" without need to install FB first in the default folder ("/opt/firebird")
  37. This should fix CORE-5395: Invalid data type for negation (minus operator)
  38. Attempt to fix CORE-5070, CORE-5795, CORE-5845, CORE-5965 with a single shot
  39. Fixed CORE-5966: Slow performance when executing SQL scripts as non-SYSDBA user
  40. Backport fix for bug CORE-5959 : Firebird returns wrong time after changes of time zone
  41. Enable "Enhance Optimized Debugging" to produce more useful debug info (.pdb files)
  42. Added context variable to indicate database as replica
  43. Fixed possible corruption of the monitoring shared data
  44. Fixed CORE-5943: Server crashes preparing a query with both DISTINCT/ORDER BY and non-field expression in the select list
  45. Backported CORE-5741: Word "fixing" in gbak output is too scary
  46. Backported CORE-5950: Deadlock when attaching to bugchecked database
  47. Fixed bug CORE-5949 : Bugcheck could happen when read-only database with non-zero linger is set to read-write mode
  48. Backported CORE-5948: Make WIN_SSPI plugin produce keys for wirecrypt plugin
  49. Backported CORE-5639: Mapping rule using WIN_SSPI plugin: windows user group conversion to firebird role does not work
  50. Implement sub-task CORE-5913 : Add context variables with compression and encryption status of current connection
  51. Additional fix for bug CORE-5436 : [FB3 SC] Server hangs (under load test). The case when main thread convert still not acquired lock when AST thread assert locks. It leads to the error: Fatal lock manager error: invalid lock id (0)
  52. Fixed bug CORE-5911 : Connection could hung after no activity for 60 seconds
  53. Fix CORE-5905 - Inconsistencies with PSQL FUNCTION vs UDF.
  54. Backported CORE-5908: Enhance dynamic libraries loading related error messages
  55. Applied modified patch from Damyan fixing piped decompression
  56. Avoid races in YObject::destroy()
  57. Unify memory allocation in verb_post.
  58. This should fix memory leak when not fully initialized attachment killed by DBA
  59. This should fix crash when not fully initialized attachment killed by DBA. For example - sweep (it happens few times when running core_4337.fbt).
  60. Backported CORE-5793: Error returned from DbCryptPlugin::setKey() is not shown
  61. Backported CORE-5860: Support auth_plugin_list dpb/spb item from application to client
  62. Backported CORE-5904: An attempt to create global mapping with long (> SQL identifier length) FROM field fails
  63. Fixed bug CORE-5898 : ROLE not passed in EXECUTE STATEMENT ... ON EXTERNAL
  64. This should fix a bug CORE-5902 : Add Firebird Event fails with error "While isc_que_events - Failed to establish a secondary connection for event processing."
  65. Backported CORE-5886: Nbackup does not work after 32K of backups iterations
  66. Backported CORE-5900: Banned during engine shutdown threads cause unwanted delays when shutting server
  67. Backported changes in memory leaks debugging code
  68. Backported CORE-5899: Memory leak in GBAK code when used as service
  69. Backported CORE-5893:gbak may crash database when mixing alias with full database name
  70. Avoid crash due to executing already unloaded code (in attachmentShutdownThread). Probably, same trick should be used in all threads, started not by Dispatcher, which could run after its module is unloaded concurrently. So far, it looks like Windows specific.
  71. Avoid race condition in cancel_operation() when client connection breaks immediately after op_detach.
  72. Avoid race condition (with AV) when YEvents object references is released concurrently
  73. Fix incorrect reference counting for EventManager object. It leads to the crash due to attempt to execute code (watcher_thread) after engine DLL is unloaded.
  74. Avoid double delete of ThreadSync object
  75. Clear events of dead process, not our own
  76. Backported fix of segfault in special build.
  77. Backported CORE-5884: Initial global mapping from srp plugin does not work
  78. Backported CORE-5876: Provide name of udf function for "arithmetic exception, numeric overflow, or string truncation"
  79. Backported CORE-5881: Network server ignores any error that took place in KeyHolderPlugin when establishing initial callback with client
  80. Reintroduce optimisation for 64bit build after commit of alignment fix (CORE-5865) 32bit build O2 optimisation too
  81. Backported fix for CORE-5865: Alignment error on x86_64
  82. This should fix bug CORE-5844 : Firebird freeze for new connections
  83. Ability to specify "FROM" user name in mapping using regular expression
  84. Correct condition when mapped file of monitoring data should be removed.
  85. Fixed memory corruption found when run test bugs.5674 in Classic mode using debug build.
  86. Improvement CORE-5853 - Forward-compatible expressions LOCALTIME and LOCALTIMESTAMP.
  87. Code cleanup - this should fix MacOS build
  88. Update MacOS postfix for CORE-304
  89. Port forward fix for bug CORE-5936 : Firebird server segfaults in the end of database backup. While i can't reproduce bug on v3, it will make no harm.
  90. Backported CORE-5927: With some non-standard authentication plugins providing correct crypt key wire anyway remains not encrypted
  91. Backported CORE-5926: Attempt to create mapping with non-ascii user name which is encoded in SINGLE-BYTE codepage (win 1251) leads to '-Malformed string' message
  92. Backported CORE-5918: Memory pool statistics is not accurate
  93. Backported CORE-5907: Regression: can not launch trace if its 'database' section contains regexp pattern with curvy brackets to enclose quantifier
  94. Fixed bug CORE-5935 : Bugcheck 165 (cannot find tip page)
  95. Backported CORE-5888: Firebird server on Android has problem with numerics
  96. Backported fix for android port - some kernels accept only PIE binaries
  97. Postfix for CORE-5474, more generic way to check for actual library name
  98. Bug fix for CORE-5074 [B3_0]
  99. Common implemetation for MAKE_desc_from_field and MAKE_desc_from_element.
  100. Make it possible to build with VS 2017/2019 (with VS 2015 compiler installed).
  101. Fixed CORE-6065 - Windows kits does have incomplete include headers directory.
  102. Fast bug fix for CORE-6063 [backport]. Server does not return result of own work (name of next auth-plugin).
  103. Re-enable building udrcpp_example on Windows
  104. Addition for CORE-6043 : GTTs do not release used space
  105. Avoid races at PAG_release\PAG_allocate
  106. Backported fix for bug CORE-3925 : Creating self-referential FK crashes database (bug-check) whether constraint violation had place
  107. This should fix CORE-6050, wait for confirmation from user
  108. Backported CORE-6038: Srp user manager sporadically creates users which can not attach
  109. Fixed CORE-6040 - Metadata script extracted using ISQL is invalid/incorrect when table has COMPUTED BY field.
  110. Fixed bug CORE-6043 : GTTs do not release used space
  111. Backported CORE-6045: Segmentation fault in fbtracemgr when closing it using Ctrl-C
  112. Cleanup - that long ago deprecated file was removed from OS
  113. Backported CORE-6027: Server hang on new attachment right after trace session stop
  114. SHA2 Refactoring
  115. Fixed bug CORE-6067 : Memory leak in fbclient
  116. Improve diagnostics of internal trace errors (see CORE-3413 and CORE-6075)
  117. Prevent child process hung if it writes too much data to the pipe and overflow the pipe buffer. Preserve child eol's when print child stderr data. Try to distinguish case when child's stdout closed abnormally.
  118. Sub-task CORE-4463: Windows implementation for CORE-4462 (Make it possible to restore compressed .nbk files without explicitly decompressing them)
  119. Fixed CORE-6197: Memory leak in INET_connect().
  120. MSVC declare uintXXX_t types at stdint.h
  121. Fixed CORE-5902: Add Firebird Event fails with error. "While isc_que_events - Failed to establish a secondary connection for event processing".
  122. Fixed CORE-6182: ExtConnPoolLifeTime acts as countdown for activity in MOST RECENT database (of several) rather then separate for each of used databases
  123. Let logAndDie() call abort() on all platforms. It prevent hung when process exits (instead of aborts) and tries to release resources.
  124. Backport addition for CORE-4463: Avoid handle leak after killing hung child process. Print child's stderr after child is gone to not loose very last childs output.
  125. Backported CORE-6203: "Error reading data from the connection" is raised sometimes when using non-default authentication plugin
  126. Better name for print_child_error() method
  127. CORE-6000: gbak issues "Your user name and password are not defined" when command switch "-fe(tch_password) ..." is specified when run as service.
  128. CORE-6163: Generator pages are not encrypted.
  129. Fixed races during attach/detach to the monitoring shared file (similarly to how it was done for other shmem files).
  130. CORE-6171: No current record for fetch operation with queries with aggregated subselect
  131. This should fix double close of srcBlob if extBlob->close() failed
  132. This should fix broken LRU pending chain
  133. Fixed bug CORE-6150 : Bugcheck when PK\UK\FK constraint check read record already marked as damaged
  134. Fixed CORE-6144: Inconsistent behaviour of the NEW context variable in AFTER UPDATE OR DELETE triggers
  135. Fixed bug CORE-6138 : Inconsistent behavior regarding visibility of master record on detail inserts
  136. Backported CORE-6143: Error 'Multiple maps found for ...' is raised in not appropriate case
  137. Port forward fix for bug CORE-6142 : Error "connection lost to database" could happen when application creates few local attachments (using XNET) simultaneously
  138. Fixed bug CORE-6137 : Server crashes when it run SQL
  139. An attempt to fix CORE-6134: Win_Sspi in the list of auth plugins leads message about failed login to be changed (from 'Your user name and password are not defined...' to 'Missing security context ...')
  140. Effective login constant fixed in Firebird.pas
  141. Fixed CORE-6108 - Regression: FB3 throws "Datatypes are not comparable in expression" in procedure parameters.
  142. Fixed CORE-6087 - Problem with casting within UNION.
  143. Fix CORE-6068 - Server hangs when compiling big package with error.
  144. Backport fixed diagnostics
  145. Fixed CORE-6104: incorrect erroris thrown when an embedded user does not have SELECT permissions
  146. This should fix CORE-6097: Connection does not see itself in the MON
  147. Improvement CORE-6095 : Extend trace record for COMMIT/ROLLBACK RETAINING to allow chaining of transaction ids
  148. Backported CORE-5784: Lock folder inizialization is not multi-process safe
  149. Authentication block, received by client plugin from engine, might contain trash
  150. Postfix for CORE-6091, thanks to Vlad
  151. Fixed CORE-6091: Errors when processing correct SQL statements in engine12 provider loaded by FB4 server
  152. Rework bugfix for CORE-5600 to avoid regression CORE-6089
  153. This should fix CORE-6090: BLOB fields may be suddenly set to NULLs during UPDATE after a table format change
  154. Fix for CORE-6072 - make firebird always work with security database from databases.conf
  155. Partial fix for CORE-6072 - reworked potentially buggy approach when adding different kind of strings to the clumplet
  156. Partial fix for CORE-6072 - use configured providers internally (except loopback)
  157. Fixed CORE-6086, thanks to Vlad
  158. Backported CORE-6078: Permissions for create or alter statements are not checked