By Gerry Haskins-Oracle on Jan 29, 2010
Firstly, please allow me to get something off my chest:
It's been a long wait and we're finally there!
I, for one, am tickled pink.
There's likely be a lot of changes for all of us in the coming months, some good, some maybe controversial to some folk, but I passionately believe that Oracle will bring much needed commercial sense which will ensure that Solaris and Sun-Oracle hardware continues to innovate like hell to provide the solutions you, our customers, need. So strap yourselves in, the fun is about to begin!
But much more than the red Oracle logo has changed on PatchFinder today.
I want to let you know about two key new features which I believe significantly improve our customers' patch searching experience:
Search for Patches which deliver New Security Fixes
The PatchFinder "Security Filter" now differentiates between patches which introduce a new security fix (shown by the "NS" symbol in search returns) and patches which simply deliver any security fix, either new or pre-existing (shown by the "S" symbol in search returns).
Up until now only the latter was available, which made it difficult for customers to differentiate between patch revisions which deliver new security fixes and patch revisions which simply re-deliver old security fixes.
The "New Security Fix" search option under "Security Filter" should typically be used in combination with the "Show Obsolete" option so that you can see all patch revisions delivering new security fixes. Otherwise you'll just see the subset of patches which are contain both new security fixes and are not obsoleted.
Solaris OS Patches which deliver (or redeliver) security fixes will
continue to be added to the "Recommended" Patch Clusters as before, along with OS patches which deliver (or redeliver) Data Corruption or System Availability fixes, the latest patch utility patches, and any other patches required by the above.
Solaris OS Patches which deliver new security fixes will continue to be be added to the Sun Alert Patch Clusters as before, along with OS patches which deliver new Data Corruption or System Availability fixes, the latest patch utility patches, and any other patches required by the above.
But with this New Security Fix option in PatchFinder, you can now find all (6-2 digit PatchID) patches for all products which deliver new security fixes, not just Solaris OS patches.
BTW: This "New Security Fix" feature has actually been in PatchFinder since the last release in December, but this is the first opportunity I've had to blog about it.
Search for patches by the objects they deliver
You can now search for patches by the objects they deliver.
For example, type "/usr/bin/vi" into the "File Included" search box, filter the search using the other search options if desired ( e.g. select "Solaris 10" under "OS Release" ), and PatchFinder will return the patches which deliver "/usr/bin/vi".
This is useful if you are having problems with a particular utility or object and want to find if any patches are available for it. Then reading the CR synopses listed in the README for the appropriate patches returned may help you figure out if the patch is likely to address the problem you are experiencing.
Try searching for "zoneadmd", or "genunix", for example.
Remember, if you enter something like "vi" or "ls" in the "File Included" search box, you'll get all objects which contain those strings in their pathnames, so a well qualified search such as "/usr/bin/vi" or "/usr/bin/ls" may be more useful.
Watch out for symlinks, e.g. on Solaris 10:
$ whence patchadd/usr/sbin/patchaddSo on Solaris 10, search for "/usr/lib/patch" rather than "/usr/sbin/patchadd" to find patch utility patches. FYI, 'pdo' is the preprocessor to 'patchadd' on Solaris 10 and both are contained in /usr/lib/patch. Alternatively, just search for "patchadd".
$ ls -l /usr/sbin/patchadd
lrwxrwxrwx 1 root root 16 May 15 2009 /usr/sbin/patchadd -> ../lib/patch/pdo\*
I hope you find these new PatchFinder features useful. A lot of work went in behind the scenes, especially on ensuring the accuracy of the "New Security Fix" flag. I'd like to thank my colleagues, Brian, Julien, Slim, Mark, Don, and the rest of the team for making these enhancements a reality. Nice work guys!