Docker Firebird Base image is now on based on Debian bullseye for 2.5-ss, 2.5-sc, 3.0 and 4.0

Docker Firebird Base image is now based on Debian bullseye for 2.5-ss, 2.5-sc, 3.0 and 4.0 branches.

This required a script to replace the libicu supplied by bullseye with the preferred one for the relevant firebird versions. If for some reason you do get a Collation unicode for character set utf8 is not installed error you can use gfix -icu <database> to correct the issue as of firebird 3.0.

Both 2.5 branches are now included as well. Unfortunately the gfix -icu <database> option is not available for 2.5 so instead I have opted to add tags for v2.5.9-sc-jessie and v2.5.9-ss-jessie If you find your setup works with the jessie tags but not the newer v2.5.9-sc or v2.5.9-ss tags please switch back to the jessie tags and open an issue to let me know. This will probably be the last major update for v2.5 as version 2.5 has been discontinued for 2 years now.

Debian bug fixed : CVE-2017-6369: authenticated remote execution in firebird 2.5 before version 3.0.2

We believe that the bug you reported is fixed in the latest version of
firebird3.0, which is due to be installed in the Debian FTP archive.

 * Apply commit 56e9a73c168 from upstream B3_0_Release branch
    fixing authenticated remote execution vulnerability (CVE-2017-6369,
    Closes: #858644


Authenticated Firebird users are allowed to declare UDFs (user-defined
functions). The default config allows using all entry points from the standard
UDF library, which is dynamically linked with libc, with its symbols
re-exported, including system().

Relevant upstream commits for 3.0:

Firebird package updated in Debian :

This version will make the build reproducible.

The reproducible builds initiative aims to enable anyone to reproduce bit by bit identical binary packages from a given source, thus enabling anyone to independently verify that a binary matches the source code from which it was said it was derived. For example, this allow the users of Debian to rebuild packages and obtain exactly identical packages to the ones provided by the Debian repositories.

Prune tool sets the creation stamp in the database header to a fixed value (taken from the last changelog stanza) and
prunes unused space on index/data pages of shipped databases

1 2 3 9