Thursday Sep 12, 2013

Solaris 10 Patches Now On Monthly Release Cadence

(Updated Nov 25, 2013)

We've recently moved to a monthly release cadence for Solaris 10 OS patches.

New Solaris 10 OS patches are now available from MOS by the Tuesday closest to the 17th of each month.

The updated Solaris 10 OS Recommended Patchset will be available by the next day, Wednesday, assuming there are new patches released which meet its inclusion criteria - that is, patches which address security or other critical issues.

This enables customers to predict patch release dates and schedule maintenance windows.

This is similar to the monthly release cadence for Solaris Repository Updates (SRUs) for Solaris 11.

Please note that the Solaris 10 OS Recommended Patchset may not be updated every month, because in some months there may be no new patches meeting the inclusion criteria - that is, patches which address security, availability, data corruption, or other critical issues.

Thursday Jun 06, 2013

Next Solaris 10 Kernel PatchIDs, 150400 (SPARC) & 150401 (x86)

As I've noted in an update to my previous blog posting, Murphy's Law strikes again!

No sooner had I written that Solaris 10 Kernel PatchIDs 148888-xx (SPARC) and 148889-xx (x86) were here to stay for the foreseeable future, than the integration of the SR-IOV feature into rev-04 of these patches made it prudent to rejuvenate them. 

So from July 2013, the Solaris 10 Kernel PatchIDs will change to be 150400-xx (SPARC) and 150401-xx (x86).

See here for the full Solaris 10 Kernel PatchID sequence.

Monday Apr 22, 2013

Ooops, incorrect Recommended patchset uploaded April 21/22

Update: April 22, 2013, 17:10 PST: The issue is now fixed and the correct Solaris 10 SPARC Recommended patchset is now available from MOS.  I apologize again for any inconvenience caused.

---- 

Ooops!

Due to human error, the incorrect Recommended patchset for Solaris 10 SPARC was uploaded to MOS on April 21, at ca. 18:54 PST.  The April 20 2012 patchset was uploaded instead of the April 20 2013 patchset. 

The date is in the patchset README, so if you've downloaded the Solaris 10 SPARC Recommended patchset in the last 24 hours, please check that the date is not 2012.  If it is, please download the corrected version from MOS.

I apologize most sincerely for any inconvenience caused.

Best Wishes,

Gerry.

Tuesday Oct 18, 2011

Solaris 9 transitioning to Extended Support

Just a quick heads-up that Solaris 9 will transition to Vintage support (old Sun terminology) / Extended support (Oracle terminology) at the end of this month.

Solaris 9 patches released from November 1, 2011, will have Vintage/Extended access entitlement by default, which means that only customers with an Extended Support contract for Solaris will be able to access them.

Updates to the Recommended Solaris 9 OS Patchset will cease at that time.

Pre-existing Solaris 9 patches (and the final version of the Recommended Solaris 9 OS Patchset) will remain available under normal "OS" entitlement - i.e. they can be accessed without an Extended Support contract.

For more details, see:

Lifetime Support Policy brochure, especially pages 27 to 31

How Patches and Updates Entitlement Works, DocID 1269292.1

Best Wishes,

Gerry

Wednesday Oct 12, 2011

Live Upgrade document updated and simplified

I forgot to let you know, but a couple of months ago, my colleagues, Don O'Malley and Ed Clark updated the Oracle Solaris Live Upgrade (LU) document describing the pre-requisites for Live Upgrade.

The original document was pretty convoluted and required several cups of strong coffee to parse.  The updated version is a little easier to understand, even without caffeine.

Thanks also to Beth Barrett, Rick Ramsey, and Jon Bowman who helped make this happen.

Wednesday Sep 14, 2011

Useful Oracle Sun patch download options, including metadata & READMEs

(Updated May 14, 2013)

Here are some Oracle Sun patch download options which my colleague Don O'Malley and I believe you may find useful:

You can download an Oracle Sun patch README simply by using a URI of the following form:

https://updates.oracle.com/readme/120068-02

Just replace the PatchID in the URI above with the PatchID you are interested in.

If you are logged on to MOS, and have a valid support contract associated with your account, you can download patches using a URI of the following form for an individual patch:

https://updates.oracle.com/all_unsigned/120068-02.zip

XML metadata for a patch is available using a URI of the form:

https://updates.oracle.com/Orion/Services/search?bug=120068-02

This XML metadata contains useful information like:

  • The MD5 and SHA-1 checksums, see <digest type=...>.  Getting MD5 and SHA-1 checksums directly from MOS or this XML metadata file is the most accurate way to get checksum information. 
  • The latest PatchID in this lineage which obsoletes (supersedes) this patch revision, see <patch_replacements> - in this example 127127-11
  • What bug fixes (CRs) are delivered in the Patch - note if <fixes_bugs truncated="yes">, then the list of CRs fixed is truncated, so see the patch README for the full list of CRs
  • What access entitlement is needed to download this patch - in this example "OS" (Operating System) which means you need a support contract which covers Solaris in order to download it.  Other common access entitlements are "FMW" (Firmware) and "SW" ([other] Software), which means you need a support contract which covers Hardware or other Software respectively.  If multiple access entitlements are shown, then a support contract which covers any of them is sufficient to download the patch.
  • The Oracle BugDB Bug number reference to this patch which can be used as an alternative way to access it (see example below) - in this example 9615556
  • The Oracle BugDB Bug number reference to the README of this patch which can be used as an alternative way to access it (see example below) - in this example 12450076

Note, there are two nearly identical <patch> entries in the XML Metadata file in this example, one for 32-bit and one for 64-bit.  This is common and occurs for the vast majority of Oracle Sun patches.  Java patches are the main exception to this multiple <patch> entries rule for Oracle Sun patches, as they produce a separate 64-bit patch which will have a separate metadata file.  Where multiple <patch> entries exist in a metadata file, they always refer to one and the same patch, so either metadata entry can be parsed.  So while the "aru" <request id> references in the URIs differ for each in addition to <platform>, it's the identical patch which is downloaded in each case.
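
The metadata checks described above, as an added example (not code from this blog or from Oracle): it builds the three URIs from a validated PatchID, reads the expected checksums out of the XML metadata, and verifies a downloaded file against them. The element nesting, the digest type values "MD5" and "SHA-1", and the sample XML and payload are constructed assumptions; only the element names quoted above come from the page.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

BASE = "https://updates.oracle.com"
# Oracle Sun PatchIDs are "6-2 digit" identifiers, e.g. 120068-02.
PATCH_ID_RE = re.compile(r"\d{6}-\d{2}")
# Assumed spellings of the <digest type=...> attribute, mapped to hashlib names.
ALGOS = {"MD5": "md5", "SHA-1": "sha1", "SHA1": "sha1"}


def patch_uris(patch_id):
    """Build the README, download and metadata URIs for one PatchID.

    The PatchID is validated first so that nothing other than a
    6-2 digit identifier can end up in the URI path or query string.
    """
    if not PATCH_ID_RE.fullmatch(patch_id):
        raise ValueError("not a 6-2 digit PatchID: %r" % patch_id)
    return {
        "readme": "%s/readme/%s" % (BASE, patch_id),
        "download": "%s/all_unsigned/%s.zip" % (BASE, patch_id),
        "metadata": "%s/Orion/Services/search?bug=%s" % (BASE, patch_id),
    }


def expected_digests(metadata_xml):
    """Return {'md5': ..., 'sha1': ...} taken from the <digest> elements.

    The metadata usually carries two <patch> entries (32-bit and 64-bit)
    that describe one and the same patch, so their digests must agree;
    a disagreement is treated as an error rather than silently picking one.
    """
    root = ET.fromstring(metadata_xml)
    entries = []
    for patch in root.iter("patch"):
        found = {}
        for el in patch.iter("digest"):
            algo = ALGOS.get((el.get("type") or "").upper())
            if algo and el.text:
                found[algo] = el.text.strip().lower()
        entries.append(found)
    if not entries or not entries[0]:
        raise ValueError("no <patch> entry with a recognised <digest>")
    if any(entry != entries[0] for entry in entries[1:]):
        raise ValueError("<patch> entries disagree on digests")
    return entries[0]


def fixes_truncated(metadata_xml):
    """True if the CR list is truncated and the README must be consulted."""
    root = ET.fromstring(metadata_xml)
    return any(el.get("truncated") == "yes" for el in root.iter("fixes_bugs"))


def verify_patch(data, digests):
    """Check the downloaded bytes against every digest the metadata gave.

    All listed algorithms must match; an empty digest set never verifies.
    """
    if not digests:
        return False
    return all(
        hmac.compare_digest(hashlib.new(algo, data).hexdigest(), want)
        for algo, want in digests.items()
    )


# --- Constructed sample input (not real MOS data) ---------------------------
SAMPLE_PATCH = b"constructed stand-in for the bytes of 120068-02.zip"


def sample_entry(platform, payload):
    """Build one constructed <patch> entry whose digests match `payload`."""
    return (
        "<patch><platform>%s</platform>"
        '<digest type="MD5">%s</digest>'
        '<digest type="SHA-1">%s</digest>'
        '<fixes_bugs truncated="yes"/></patch>'
        % (
            platform,
            hashlib.md5(payload).hexdigest(),
            hashlib.sha1(payload).hexdigest().upper(),
        )
    )


SAMPLE_XML = (
    "<results>"
    + sample_entry("32-bit", SAMPLE_PATCH)
    + sample_entry("64-bit", SAMPLE_PATCH)
    + "</results>"
)

if __name__ == "__main__":
    print(patch_uris("120068-02"))
    digests = expected_digests(SAMPLE_XML)
    print("expected:", digests)
    print("intact download verifies:", verify_patch(SAMPLE_PATCH, digests))
    print("altered download verifies:", verify_patch(SAMPLE_PATCH + b"!", digests))
    print("CR list truncated:", fixes_truncated(SAMPLE_XML))
```

The checksums are only as trustworthy as the channel they were fetched over, so the metadata should come from the HTTPS MOS URI rather than from a copy stored alongside the patch.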

It's also possible to access a nice landing page using the Oracle BugDB Bug number reference to a patch (taken from the XML Metadata file above) to construct a URI of the form:

https://updates.oracle.com/download/9615556.html

The "View Digest" button on the landing page shows the MD5 and SHA-1 Checksums for the patch.  The landing page also facilitates viewing of the README and download of the patch.

The "HTML version" of the patch README can be accessed two ways: 

https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=120068-02 (using the PatchID) or

https://updates.oracle.com/Orion/Services/download?type=readme&aru=12450076 (using the Oracle BugDB Bug number reference to the README taken from the XML Metadata file above)

Both of the above URIs resolve to the same patch README.  The "HTML version" of the README contains a download link for the patch at the top of the page.  It also provides links to two key resources for Oracle Sun patching information:

It's also possible to directly access the MOS Flash-based download page using a URI of the form:

https://support.oracle.com/CSP/ui/flash.html#tab=PatchHomePage(page=PatchHomePage&id=gnrgyece()),(page=PatchDetailPage&id=gnrgyece(patchId=120068-02&patchType=Patch&patchName=120068-02))

Since patchsets are named a little differently, here's a table showing the relevant URIs for key patchsets:

| Patchset Name | Landing Page | README | Download | XML Metadata | Checksums (subset of XML Metadata) |
|---|---|---|---|---|---|
| Recommended OS Patchset for Solaris 10 SPARC | Landing Page | README | Download | XML Metadata | Click "View Digest" on Landing Page or extract from XML Metadata |
| Recommended OS Patchset for Solaris 10 x86 | Landing Page | README | Download | XML Metadata | Click "View Digest" on Landing Page or extract from XML Metadata |
| Critical Patch Update (CPU) Patchset for Solaris 10 SPARC, Apr 2013 | Landing Page | README | Download | XML Metadata | Checksums |
| Critical Patch Update (CPU) Patchset for Solaris 10 x86, Apr 2013 | Landing Page | README | Download | XML Metadata | Checksums |
| Solaris 10 1/13 (Update 11) SPARC Patchset | Landing Page | README | See Landing Page | XML Metadata | Checksums |
| Solaris 10 1/13 (Update 10) x86 Patchset | Landing Page | README | See Landing Page | XML Metadata | Checksums |

Here are some other useful links:

  • Sun Alerts - Knowledge article with summary of, and links to, all published Sun Alerts alerting customers to known Security (through the link to the "Critical Patch Update (CPU) and Security Alerts" page), Availability and Data Corruption issues
  • patchdiag.xref - metadata file listing latest available revision of all Oracle Sun 6-2 digit patches
  • withdrawn_patch_report - list of all Oracle Sun patches withdrawn from release in the last 12 months
  • weekly_patch_report - list of all Oracle Sun patches released in the last week

You can be proactively notified daily of Sun Alert issues (and other knowledge articles) by configuring the "Hot Topics" option in My Oracle Support:

   1. Go to url https://support.oracle.com/CSP/ui/flash.html
   2. Sign in
   3. Select the tab "More..." --> Settings
   4. Select "Hot Topics E-Mail" on the left
   5. Update the Hot Topics Settings
         1. Toggle the E-Mail to 'On'
         2. Ensure "Send Every 1 Days" is set
         3. Select desired format (text or HTML)
         4. Set the item limit to some number larger than 5 (suggest 25)
         5. Set Service Request to "None"
         6. Leave "Product Bugs Marked as Favorites" deselected
   6. Add the needed Sun Alert Filter(s) ** Note: To receive all Sun Alerts, use the following filter **
   7. Select  "Add..." (new window will pop up)
         1. Add the Product "Solaris SPARC Operating System"
         2. Add the Platform "GENERIC (All Platforms)"
         3. Check the "Knowledge Articles" box
         4. Check the "Alerts" box
         5. Select "OK" (selection window closes)
   8. Select "Save"
         1. You should be able to see your Hot Topics filter you just set up.
   9. Log out of MOS

Finally, for details on how to script access to resources such as the URIs listed above, check out:

MOS - Using 'wget' to Automate Sun Patch Downloads

I'd like to thank my colleague, Don O'Malley, for researching much of the above. 

I hope you find this helpful.

Best Wishes,

Gerry.

Monday Sep 05, 2011

Applying arbitrary patches using Ops Center

I asked my colleague, Juergen Fleischer, to let me know how to apply arbitrary patches - i.e. any specific patches you want to apply - using Ops Center.

Here's his response on how to do it:

Create a Custom Profile by selecting the desired patches. The Profile can be used for Compliance Reports or standard jobs to install these patches.

Here are the steps:

1) Select Plan Management -> Update Profiles

2) Select Action "New Profile" and name it appropriately, e.g. "Solaris Cluster 3.1 APR-2011"

3) Select all required patches e.g. 120500-27 for SPARC and/or 120501-27 for x86 and save the Profile:

4) Use the Profile for plain Jobs, Reports, etc.

That's all

Best Wishes,

Gerry.

Monday Aug 29, 2011

Using smpatch to apply Solaris Cluster patches and other enhancements

It is now possible again to use the in-built Solaris 10 patch automation utility, 'smpatch' / Update Manager, to download patches for products such as Oracle Solaris Cluster and Oracle Solaris Studio, as well as Oracle Solaris Operating System patches. 

It is now also possible again to use 'smpatch' / Update Manager on 3rd party hardware. 

To utilize these capabilities, the system must be registered or re-registered as outlined in https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1347266.1

These steps effectively switch 'smpatch' / Update Manager from using hardware serial number based access entitlement to User based access entitlement, similar to the access entitlement mechanism used when downloading patches via 'wget' or manually via My Oracle Support (MOS).

The following patches are required to provide this functionality:

SPARC
121118-19  SunOS 5.10: Update Connection System Client 1.0.19
123893-25  SunOS 5.10: Cacao Patch
123005-09  SunOS 5.10: Basic Registration Update
124171-08  SunOS 5.10: SCN Base cacao module patch
123630-04  SunOS 5.10: HTTP proxy settings patch
x86
121119-19  SunOS 5.10_x86: Update Connection System Client 1.0.19
123896-25  SunOS 5.10_x86: Cacao Patch
123006-09  SunOS 5.10_x86: Basic Registration Update
124187-08  SunOS 5.10_x86: SCN Base cacao module patch
123631-04  SunOS 5.10_x86: HTTP proxy settings patch

'smpatch' / Update Manager patch 12111[89]-19 introduces other significant changes due to the migration to Oracle back-end infrastructure.  The download server and security certs have changed.  As My Oracle Support supports ".zip" file download only, this patch mandatorily migrates 'smpatch' / Update Manager from using ".jar" downloads to using ".zip" downloads.

Caveat: There is currently an issue affecting LPS (Local Proxy Server) functionality following the migration to the Oracle back-end infrastructure.  This issue is currently being worked on.

Thursday Aug 11, 2011

Applying the latest Solaris patches using Ops Center Enterprise Manager

A couple of customers have claimed to me that it's not possible to apply all the latest available Solaris patches using Ops Center Enterprise Manager.  I've checked with my colleagues in Ops Center, and it most certainly is possible.  Here's one way to do it: 

There are multiple ways to perform this task ...

Here is one using the "Report" feature:

1) Select "Host Compliance Report"

2) Use the default setting "Security and Bug fixes" and select proposed target system or group of targets:

3) The Report will show all downrev packages (e.g. 824 pkgs) and will allow you to submit a job. That's all that's needed.

Looking at the Job log we can see:

    # tail /var/scn/update-agent/logs/resolve.log
    add 40025552 (145497-01)
    add 40025545 (144998-03)
    add 40025534 (145501-01)
    add 40025472 (118712-24)
    add 40025471 (121734-13)
    add 40025380 (118777-17)
    add 40024414 (125060-07)
    add 40022356 (119788-10)
    add 40015326 (121081-08)
    Total number of sorted operations : 197

So in total we would install 197 patches.

Best Wishes,

Gerry.

Saturday Jul 02, 2011

A Solaris Recommended Patchset to bind them all

I've long been of the opinion that there should be a single generic set of Solaris recommended patches which customers are consistently recommended to install in proactive maintenance windows for issue prevention. It's something I've been working towards for quite a while.

A collaborative effort between the Software Patch Services, Enterprise Installation Standards (EIS), Sun Risk Analysis System (SRAS) - now renamed Oracle Risk Analysis Services (ORAS) - and the Explominer team in the Oracle Solaris Technical Center (TSC), has achieved this goal with the creation of the Recommended Patchset for Solaris.  

Up until now, while the Solaris OS Recommended Patch Cluster was the core basis for Solaris patch recommendations, various teams tended to recommend their own favorite patches on top of this core set.  This wasn't just by whim.  Each team was looking at patching from a slightly different angle - for example various angles of proactive patching (issue prevention) versus reactive patching (issue correction).

The Recommended Patchset for Solaris is the result of the combined wisdom of the various teams.  It is designed for proactive patching (issue prevention).  The contents are generic and should be suitable for most customer configurations.  You should still read the README file and follow its instructions to ensure all of the patches included are appropriate to your specific environment.  You should test the patchset on a test system which closely mimics your production systems prior to deployment. 

You may still legitimately be asked by support to install additional patches to fix issues specific to your environment in reactive maintenance situations (issue correction).  But this should only be after due diligence to ensure that such patches are likely to fix the specific issue encountered.

The Recommended Patchset for Solaris is the new name for the Solaris OS Recommended Patch Cluster.  It's available from MOS (including 'wget'), EIS, Ops Center, etc.  We've changed the name to use the Oracle standard terminology "patchset".  I never liked the name Solaris Patch Cluster as there was a risk of it being confused with the Solaris Cluster product to which it bears no relation.  In due course other patch "clusters" and patch "bundles" are likely to transition to the name "patchset". 

The install script and code word needed to invoke it (which is contained in the README file) have been renamed to reflect the name change from "cluster" to "patchset". 

Customers who have installed the Solaris OS Recommended Patch Cluster may notice the additional patches included in the Recommended Patchset for Solaris the first time they install it.  After that, it'll be business as usual.  Many of these additional patches are already pre-applied into Solaris Update releases, so customers on later update releases should see little difference.

As before, the Recommended Patchset for Solaris will continue to be updated whenever a patch matching its inclusion criteria is released.  This can happen several times a month.  Just take the latest which matches your proactive maintenance window schedule. 

And as before, once a quarter, the Recommended Patchset for Solaris will be archived and renamed as the Critical Patch Update in line with standard Oracle practice.  (See previous blog postings.)

To create the Recommended Patchset for Solaris, we took the Solaris OS Recommended Patch Cluster and analyzed the additional Solaris patches which the Explominer team recommend be added on top of it for the monthly EIS patch baselines. Where those additional patches added real value - i.e. were of significant benefit to many customers - we added them to the recommended patch set.  Where they didn't add real value, we discarded them.  We then made sure that a system on which the resultant Recommended Patchset for Solaris was installed passed with a clean bill of health from the ORAS risk analysis audits.

So now, the Solaris OS patches in the EIS patch baselines will be the Recommended Patchset for Solaris with input from the Explominer and other teams included, and will be tested with ORAS.  These are the patch baselines available in Ops Center.  We have set up a panel of patch experts from the teams mentioned above to adjudicate on future potential additions to the Recommended Patchset for Solaris.

Previously, the criteria for including a patch in the Solaris OS Recommended Patch Cluster was quite strict: a patch had to address a Security, Data Corruption, or System Availability issue; be a patch utilities patch, or be required by the above.  In future, other patches which add real value for many customers may be included - for example, a patch for a commonly used driver which delivers significant performance improvements.  The goal remains the same - to include the most critical generic patches which we recommend customers install in proactive maintenance windows for issue prevention.

Additional patches outside of the patchset may still be required:

  • For other Oracle products - the Recommended Patchset for Solaris only includes Solaris Operating System patches.  Other products such as Oracle Solaris Cluster, Oracle Solaris Studio, Oracle Database, etc., may have their own patch recommendations.  The monthly EIS update includes patch sets for Oracle Solaris Cluster, SAMFS, QFS, and SunVTS in addition to the Recommended Patchset for Solaris.
  • For specific platforms - for example a Solaris driver patch if a particular network card is installed or where firmware updates are required
  • For specific configurations - for example if the system is connected to 3rd party storage solutions such as EMC Powerpath or Veritas
  • For specific issues in your configuration - for example, break/fix situations where an additional patch fixes the issue encountered

You can download the patchsets or view their Readmes directly, using the following links:

To download the patchsets (you must be logged into MOS):

https://updates.oracle.com/patch_cluster/10_Recommended.zip
https://updates.oracle.com/patch_cluster/10_x86_Recommended.zip

To download the patchset Readme files (no need to be logged into MOS):

https://updates.oracle.com/patch_cluster/10_Recommended.README
https://updates.oracle.com/patch_cluster/10_x86_Recommended.README

The above works for both flash and non-flash (html) MOS users.   Just substitute "9" for "10" to get the Solaris 9 Recommended patchsets and Readmes.

You can also download the patchsets using 'wget' for scripted access as normal.  (See previous blog postings.)  For example, the download filename for Recommended Patchset for Solaris 10 SPARC is still 10_Recommended.zip.

If, like me, you like to know how to do things from first principles, here's the way to construct the search on My Oracle Support:

For Flash compatible systems (full function MOS version):

  1. Login to My Oracle Support (MOS), https://support.oracle.com
  2. Click on the "Patches&Updates" tab
  3. Click on "Product or Family (Advanced Search)"
  4. Type "Solaris Operating System" into the product search box
  5. Select the Releases you are interested in - e.g. Solaris 10 Operating System and Solaris 9 Operating System
  6. Select the Platforms you are interested in - e.g. Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit)
  7. Click on the "+" sign at the end of the "Platforms" line to add additional search criteria
  8. Click on "Select Filter" and select "Type" from the drop-down menu
  9. Select "Patchset"
  10. Click "Search" 

For non-Flash users (html MOS version):

  1. Login to the html version of My Oracle Support, https://supporthtml.oracle.com
  2. Click on the "Patches & Updates" tab
  3. Click on the Advanced Search tab in the search box
  4. Type "Solaris Operating System" in the product search box 
  5. Select the Releases you are interested in - e.g. Solaris 10 Operating System and Solaris 9 Operating System
  6. Select the Platforms you are interested in - e.g. Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit)
  7. For Type, select "Patchset"
  8. Click Search

MOS remembers your previous selections and they'll be shown at the top of each drop-down menu on subsequent invocations.  You can also save searches for future re-use.

I want to thank Don O'Malley, Ed Clark, Howard Mills and the EIS team, Juergen Schleich and the Explominer team, Dr. Rex Martin and the ORAS team, and Rob Hulme and Walter Fisch from the Oracle Technical Support Center (TSC) for all their work in making a single consistent Recommended Patchset for Solaris a reality.

As always, I'm interested to hear your feedback.

Best Wishes,

Gerry.

Friday Jan 28, 2011

Resolving 'smpatch' / Update Manager issues

A number of customers have reported issues with 'smpatch' / Update Manager resulting from the recent migration to the My Oracle Support (MOS) infrastructure.

My colleagues BethB, PeterM, and EthanR have published Document 1288579.1 which explains what to do if you are unable to register systems & download patches via sconadm, smpatch, and Update Manager. This document is also accessible via the Oracle Sun OS Community page.

I apologize most sincerely for any inconvenience caused.

Thursday Jan 13, 2011

List of new and up'rev'd packages in each Solaris 10 Update

Here are lists in .pdf (SPARC / x86) and OpenOffice (SPARC / x86) format of new and up'rev'd packages in each Solaris 10 Update release.

As you may know from my previous blog postings, Oracle Sun recommends customers to install or upgrade to the latest Solaris 10 Update in major maintenance windows. Based on a request from customers whose change control policies prevent them from upgrading, we've been producing Solaris Update Patch Bundles which bring pre-existing packages up to the same software level as the corresponding Solaris Update.  The difference is that the Patch Bundles don't provide new or up'rev'd packages introduced in the corresponding Solaris Update.

For customers considering use of the Solaris Update Patch Bundles, that raises the obvious question as to which packages are introduced or up'rev'd in each Solaris Update release.  The lists above answer that question.

Aside: As discussed in previous blog postings, all core Solaris OS packages are updated via patches.  The up'rev'd packages above refer to some 3rd party and community based apps included in Solaris (e.g. Mozilla Firefox, Thunderbird, etc.) which are updated via package updates (i.e. where one package version is removed and replaced with a later version).  This is to tie in better with the release strategy for such apps.

Many thanks to my colleague, Roisin Doran, for all her work in putting this together.

I'll ask Roisin to work with the Technical Writers to include updated versions of these lists in future Solaris 10 Update release documentation.

Tuesday Jan 11, 2011

Changes in security policies for the Sun product lines

A colleague of mine kindly forwarded this document detailing the changes and improvements in security policies for Sun product lines as a result of the integration into Oracle.  I hope you find it useful.

Monday Jan 10, 2011

Searching for Oracle Sun patches in My Oracle Support (MOS)

My colleague, Mike Brown, has published this knowledge article which you may wish to bookmark, pointing to frequently accessed Oracle Solaris patch deliverables, including the Recommended patch clusters, quarterly Critical Patch Updates (CPUs), Solaris Update Patch Bundles, patch utility patches, patchdiag.xref, the checksums file, and the LU Zones Starter Patch Bundle.

Also, here's a cut-and-paste of my response to some comments posted regarding finding Oracle Sun patches on My Oracle Support (MOS) which I hope you'll find useful.

To get the Solaris patch clusters and patch bundles, use the "Product or Family (Advanced Search)" option on the "Patches & Updates" tab. Select:

  • Product is Solaris Operating System
  • Release is Solaris 10 Operating System
  • select "Type" instead of "Platform" and Type is "Patchset"

...and it'll return all Solaris 10 patch clusters and patch bundles. This includes the Solaris OS Recommended Patch Clusters, the Solaris Update Patch Bundles, the Solaris OS Critical Patch Updates (CPUs), Live Upgrade (LU) Zones Patch Bundle, etc.

You can add further search filters, e.g. Platform is Oracle Solaris on SPARC (64-bit), to further refine the results.

Using "Platform" is useful to eliminate the double-entries for 32-bit and 64-bit. These dual returns are a pet peeve of mine and I'm continuing to work with the MOS team to get this "fixed" in a future release. They are an historical artifact from Oracle DB platform porting and are not relevant to the Solaris OS.

Note that the alternative option for "Type" is "Patch", which can be used to search for individual patches.

Please note that you can see all revisions of a patch by searching with the format 119254-% . The "-" (dash) is required in the current version of MOS.

You can also search for words included in the Patch Synopsis by using the Description field. For example:

  • Product is Solaris Operating System
  • Release is Solaris 10 Operating System
  • Type is Patch
  • Platform is Oracle Solaris on SPARC (64-bit)
  • Description contains patch utilities

In the example above, the Description option searches for the phrase "patch utilities" in the Synopsis line of patches. This returns the Solaris 10 SPARC patch utility patches.

Since the synopsis line of patches is free format, some guesswork is involved in searching using this method. For example "patch utility" returns nothing. "IP" returns more than just TCP/IP related patches.

Alternatively, you can use "Classification", which can be set to "Security" to return Security patches.

Click on the "Updated" column in the search returns to get these listed from earliest to latest or vice versa.

Firmware updates are also available from My Oracle Support.

  • Click on "Product or Family (Advanced Search)".
  • Select the hardware product you are interested in.  For example, type "x6" and select, Product is Sun Blade X6440 Server Module.
  • Select the Release(s) you are interested in, e.g. Release is X6440 SW 2.2.0
  • Click Search.

My understanding is that MOS currently limits search results to 100 entries in the current version and again I'm discussing "fixing" this with the MOS team in a later release.

Searches can be edited and saved for re-use at a later date.  MOS also remembers selections you've made in previous sessions which is a useful feature.

A "Classification" of "Other Recommended" rather logically will give other non-security recommended patches included in the Solaris OS Recommended Patch Cluster. (In MOS terminology, "Security" and "Other Recommended" together are the equivalent of the old Sun "Recommended" term.) But if you want to know exactly what's in the Solaris OS Recommended Patch Cluster, it's easier to simply look at the patch list in the Cluster README.

As discussed in the posting at http://blogs.sun.com/patch/entry/solaris_10_recommended_patching_strategy which I published last week, we're really trying to encourage customers to move away from selecting unique patch combinations and to instead use the Solaris OS patch clusters and patch bundles as the core of their patching strategy.

But there is still occasionally the need to search for individual patches to address specific issues.

If you are looking for individual patches to address a specific CR, then use "Patch Name, Number, or Sun CR ID" search option instead of "Product or Family (Advanced Search)". For example, enter Sun CR ID 6927931 and patch 119254-78 is returned which is the patch in which the CR is fixed. A CR which was fixed a long time ago, e.g. 6486471, will return all patch revisions which contain the fix, so you can decide whether you want to take the latest patch revision which fixes it or the earliest.

As I say, I'm continuing to work with the MOS team to enhance the customer experience further, but I hope you find the above tips helpful.

A colleague in MOS has kindly forwarded a link to a tutorial on the PowerView feature in MOS which you may find useful.

Best Wishes,

Gerry.

Thursday Jan 06, 2011

Solaris 10 Recommended Patching Strategy

Here's a document and a corresponding presentation I've written describing the Oracle Solaris 10 Recommended Patching Strategy. They contain a number of links to resources which I hope you will find useful.

As always, I look forward to your feedback.

BTW: If you have any queries about patching, why not post them on the Oracle Solaris Install, Booting, and Patching Community Forum.

Best Wishes,

Gerry.

Thursday Nov 18, 2010

Test site available for SunSolve to MOS transition changes

My SunSolve colleagues tell me that the ability to test sample scripted My Oracle Support (MOS) patch downloads is now available. 

If you use scripted patch downloads, e.g. using 'wget', I highly recommend you take this opportunity to test the necessary changes to the download syntax in advance of the transition from SunSolve to MOS which is currently scheduled for December 10.

The document detailing the 'wget' syntax changes relating to the upcoming transition from SunSolve to MOS, http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1, has been updated with the relevant instructions.  I suggest you bookmark that document and return to it regularly for updates.

Friday Oct 15, 2010

Using Live Upgrade in complex environments

One of my senior engineers, Enda O'Connor, has written a document on Patching Solaris using Advanced Live Upgrade Strategies for Zones and Clusters which I hope you will find useful.

Enjoy!

Solaris Updates and Patch Bundles in the picture

A colleague of mine, Ken Brucker, has drawn this picture showing the composition of Solaris Updates which you may find useful to visualize the process.  

See the relevant slides from the presentation on http://blogs.sun.com/patch/entry/updated_customer_patching_presentation_and for more detailed information.

Thursday Oct 14, 2010

Goodbye SunSolve, Helloooo MOS!

As Miriam Brace's recent blog post signals, it's nearly time to say goodbye to SunSolve as the transition to My Oracle Support (MOS) continues.

There are syntax changes for 'wget' users which are detailed on SunSolve and copied on ISP.  This document includes details on how to continue to access the patch metadata files 'patchdiag.xref' and 'checksums'.

As per my previous posting, Oracle Sun patches and patch clusters/bundles are already available from MOS.

Expect to hear more news on the migration, including timelines, in the near future.  SunSolve and Miriam's blog are good sources of up to date information.

Tuesday Oct 12, 2010

Oct 2010 Solaris OS CPU now available

The October 2010 Solaris OS CPUs (Critical Patch Updates), containing all available Security, Data Corruption, and System Availability fixes, are now available from My Oracle Support (MOS) and SunSolve.

See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1446032.1 on My Oracle Support (MOS), http://support.oracle.com, which includes CVE mappings for Oracle Sun products. 

To access the Solaris OS CPUs on MOS, login, select the "Patches & Updates" tab and in the "Patch Search" box, click on "Product or Family (Advanced Search)".  Select "Solaris Operating System" from the product drop down menu, select the Release(s) you are interested in, e.g. "Solaris 10 Operating System", select "Type" and "Patchset" from the drop down menus on the next line, and click "Search".  This will show all the available patch clusters and bundles for your search criteria.  The October 2010 CPUs have titles of the form "CPU OS Cluster 2010/10".

The Solaris OS CPUs are archived copies of the Solaris OS Recommended Patch Clusters.  See http://blogs.sun.com/patch/entry/solaris_critical_patch_updates_cpus for further details.

Best Wishes,

Gerry Haskins
Director, Software Patch Services

Monday Sep 27, 2010

Patching Strategy, Oracle Open World Presentation

Hi Folks,

Here's the presentation on Oracle Solaris Patching Strategy and Best Practices which Bob Netherton and I gave last week at Oracle Open World.

It was really great to meet so many customers.  If you have any patch related questions, please feel free to follow up with me.

Best Wishes,

Gerry Haskins
Director, Software Patch Services, Solaris Systems.

Saturday Sep 18, 2010

Solaris 10 9/10 (Update 9) Patch Bundle now available

The Solaris 10 9/10 (Update 9) Patch Bundles are now available from SunSolve and My Oracle Support (MOS).

These patch bundles provide the set of patches pre-applied into the corresponding Solaris 10 9/10 (Update 9) release image.  These patches provide all the Solaris 10 bug fixes which were available when the contents of the Solaris 10 9/10 release were finalized.

See http://blogs.sun.com/patch/entry/solaris_10_10_08_patch for further information on Solaris Update Patch Bundles.

See http://blogs.sun.com/patch/entry/oracle_sun_patches_now_available for information on how to access patch bundles on MOS.

Many thanks to the Patch System Test, Patch Operations and Distribution, and SunSolve teams for expediting the release of these patch bundles.

Tuesday Sep 14, 2010

I hope to see you at Oracle Open World

I'll be presenting on the Oracle Solaris Recommended Patch Strategy at Oracle Open World next week:

SESSION SCHEDULE INFORMATION

ID#: S316255
Title: Patching Best Practices for the Oracle Solaris Operating System
Track: Oracle Solaris
Date: 23-SEP-10
Time: 13:30 - 14:30
Venue: Moscone South
Room: Rm 301

I'll be at Oracle Open World Monday, September 20th, Wednesday, September 22nd, and Thursday, September 23rd.

I'd be delighted to meet you there.  If you'd like to meet me to discuss anything to do with patching, please email me at Gerry.Haskins@oracle.com

For those who can't make it to Oracle Open World, I'll post the presentation here after the event.  I'm also happy to talk to you by phone if you'd like to discuss anything about patching.

Best Wishes,

Gerry Haskins 
Director, Software Patch Services, Solaris Systems

Thursday Sep 09, 2010

Solaris 10 9/10 (Update 9) released

Solaris 10 9/10 (Update 9) has been released.  See here for information and here for the download (remember to accept the license agreement at the top).  There's also a podcast and a dedicated Solaris blog.

A number of technical articles have been released, including George Wilson's video overview of ZFS enhancements in Solaris 10 9/10.

As with all Solaris Updates, Solaris 10 9/10 contains all available bug fixes which were available at the time that its contents were finalized, pre-applied into the Solaris Update image. 

It also contains a significant number of feature enhancements as described in the above links.

The corresponding Solaris Update Patch Bundle is currently in test and I expect that it should be released in a similar timeframe to previous Updates.  See http://blogs.sun.com/patch/entry/solaris_10_10_08_patch  for information on Solaris Update Patch Bundles.

All standard patches in Update 9 have already been released to SunSolve and My Oracle Support (MOS).  I've updated the Solaris 10 Kernel PatchID Sequence entry below with the Kernel PatchIDs for Solaris 10 9/10 (Update 9).

As with previous Updates, there are a small number of "special" or "script" patches whose sole purpose is to correct issues in the pre-application of patches to the Solaris Update release image.  Since these patches have no purpose whatsoever outside of the Solaris Update build process, they are not released to SunSolve/MOS.   Newer "special" patches have PatchIDs of the format 800xxx to make them easily identifiable, but old "special"/"script" patches are identifiable by the words "SPECIAL PATCH" and/or "script patch" in the patch synopsis.  See the SPARC and x86 patch lists.

<pet peeve>

Please note it is incorrect to refer to Kernel Patch 142909-17 (SPARC) / 142910-17 (x86) as the "Update 9 Kernel patch".  It is the latest Kernel Patch included in Update 9, but this Kernel patch can equally be applied to all previous Solaris 10 releases.   Solaris Updates are built from patches (and a few new packages), patches are not built from Solaris Updates.

</pet peeve>

Thursday Aug 05, 2010

Updated Customer Patching Presentation (and other stuff)

I've updated my Patching Presentation for customers, see http://blogs.sun.com/patch/entry/patch_presentation_for_customers

I hope you find it useful.

Also, I forgot to blog about an enhancement we made in March 2010 to the Solaris Update Patch Bundles.  The Solaris Update Patch Bundles now add a line to /etc/release when they are installed to make it easier to determine that they've been applied - i.e. that all pre-existing packages on the system have been patched up to the same software level as the corresponding Solaris Update.

On a related note, Oracle 11gR2 requires customers to have Solaris 10 10/08 (Update 6) installed.  From Version 11.2.0.3 it will accept the corresponding Solaris Update Patch Bundle as being sufficient to meet this requirement.  The modification of /etc/release by the Solaris Update Patch Bundle is partially to help support this.

Thursday Jul 29, 2010

Oracle Sun patches now available from My Oracle Support (MOS)

As you may already know, Oracle Sun patches are now available from My Oracle Support (MOS).

We've uploaded over 30,000 6-2 digit PatchIDs to MOS, including all Solaris 8, 9, and 10 patches, SunCluster, and patches for over a thousand other products.  Any patch for these products which was available on SunSolve is now also available from MOS, making MOS your one stop support shop for all Oracle products.

My colleague David F. Campbell has also completed the upload of all patch and firmware update content to MOS from CDS (Content Delivery System, formerly the Sun DownLoad Center (SDLC)).

And another colleague, Tom Murray, has completed the upload of StorageTek patch content natively to MOS too. Most StorageTek patches are in a mainframe patch format and are not applied using the Solaris 'patchadd' utility.  To host them on SunSolve after the StorageTek acquisition, we wrapped them in a 6-2 digit PatchID.  However, it doesn't make sense to wrap these StorageTek 6-2 digit PatchIDs in Oracle BugDB IDs which would be a second level of indirection.  Therefore, Tom has uploaded them in their native format to MOS.

Customers with an Oracle support contract can log into My Oracle Support.  The full functionality version is Flash based, https://support.oracle.com.   There is also a limited functionality html version, https://supporthtml.oracle.com .

Click on the "Patches & Updates" tab and you'll see that the Patch Search options have been expanded to "Patch Name, Number or Sun CR ID".  As it suggests, you can search by the 6-2 digit PatchID or a Sun CR (Change Request) number (i.e. 7 digit BugID).

Please note that you can see all revisions of a patch by searching with the format 119254-% .  The "-" (dash) is required in the current version of MOS.

To get the Solaris patch clusters and patch bundles, use the "Product or Family (Advanced Search)" option on the "Patches & Updates" tab. Select:

  • Product is Solaris Operating System
  • Release is Solaris 10 Operating System
  • Select "Type" instead of "Platform" and Type is "Patchset"

...and it'll return all Solaris 10 patch clusters and patch bundles. This includes the Solaris OS Recommended Patch Clusters, the Solaris Update Patch Bundles, the Solaris OS Critical Patch Updates (CPUs), Live Upgrade (LU) Zones Patch Bundle, etc.

You can add further search filters, e.g. Platform is Oracle Solaris on SPARC (64-bit), to further refine the results.

Using "Platform" is useful to eliminate the double-entries for 32-bit and 64-bit.  These dual returns are a pet peeve of mine and I'm continuing to work with the MOS team to get this "fixed" in a future release.  They are an historical artifact from Oracle DB platform porting and are not relevant to the Solaris OS.

Note that the alternative option for "Type" is "Patch", which can be used to search for individual patches.

For example:

  • Product is Solaris Operating System
  • Release is Solaris 10 Operating System
  • Type is Patch
  • Platform is Oracle Solaris on SPARC (64-bit)
  • Description contains patch utilities

In the example above, the Description option searches for the phrase "patch utilities" in the Synopsis line of patches. This returns the Solaris 10 SPARC patch utility patches.

Since the synopsis line of patches is free format, some guesswork is involved in searching using this method. For example "patch utility" returns nothing. "IP" returns more than just TCP/IP related patches. "firmware" returns any patch with the word "firmware" in its Synopsis.

Alternatively, you can use "Classification", which can be set to "Security" to return Security patches.

Click on the "Updated" column in the search returns to get these listed from earliest to latest or vice versa.

My understanding is that MOS currently limits search results to 100 entries in the current version and again I'm discussing "fixing" this with the MOS team in a later release.

Searches can be edited and saved for reuse at a later date.

A "Classification" of "Other Recommended" rather logically will give other non-security recommended patches included in the Solaris OS Recommended Patch Cluster. (In MOS terminology, "Security" and "Other Recommended" together are the equivalent of the old Sun "Recommended" term.) But if you want to know exactly what's in the Solaris OS Recommended Patch Cluster, it's easier to simply look at the patch list in the Cluster README.

As discussed in the http://blogs.sun.com/patch/entry/solaris_10_recommended_patching_strategy which I published yesterday, we're really trying to encourage customers to move away from selecting unique patch combinations and to instead use the Solaris OS patch clusters and patch bundles as the core of your patching strategy.

If you are looking for individual patches to address a specific CR, then use "Patch Name, Number, or Sun CR ID" search option instead of "Product or Family (Advanced Search)". For example, enter Sun CR ID 6927931 and patch 119254-78 is returned which is the patch in which the CR is fixed. A CR which was fixed a long time ago, e.g. 6486471, will return all patch revisions which contain the fix, so you can decide whether you want to take the latest patch revision which fixes it or the earliest.

For firmware patches:

  • Go to the "Patches & Updates" tab
  • Click on "Product or Family (Advanced Search)"
  • Select the hardware product in which you are interested.  For example, type "x6" and select, Product is Sun Blade X6440 Server Module.
  • Select the Release(s) you are interested in, e.g. Release is X6440 SW 2.2.0
  • Click Search.

As I say, I'm continuing to work with the MOS team to enhance the customer experience further, but I hope you find the above tips helpful.

So which Oracle Sun patches are currently available from MOS?

  • Over 30,000 Oracle Sun 6-2 digit PatchIDs (i.e. of the format xxxxxx-xx) for over a thousand products and product versions.  This includes all Solaris 8, 9, and 10 patches, SunCluster patches, etc.
  • All the Oracle Sun Patch Clusters and Patch Bundles
  • All the patch and firmware update content previously hosted on CDS (Content Delivery System, formerly the Sun DownLoad Center (SDLC))
  • All StorageTek patches

What's not transitioned to MOS?

  • Really, really old patches, such as SunOS 1.x patches, Solaris 7 and older patches, etc.   These are utterly obsolete products so there's no point in propagating this crud forward.
  • Public patches available without a support contract, such as OpenOffice and StarOffice patches.  It is planned to support these in a future MOS release.  In the meantime, they can be downloaded from https://sspatch.oracle.com/showMe.do?page=public
  • Some patch metadata files such as the "Checksum" and "patchdiag.xref" files.  It is planned to support these in a future MOS release.  In the meantime, they can be downloaded from https://support.oracle.com/CSP/main/article=?cmd=show&type=NOT&id=1272947.1

Terminology: You say potato, I say potato, and Dan Quayle says "potatoe"

There's an unfortunate patch terminology clash between Oracle and Sun patches which you need to be aware of:

  • The Sun term "obsolete" equates to the Oracle term "superseded" - i.e. a patch which is no longer the latest patch in a sequence.
  • The Sun term "withdrawn" equates to the Oracle term "obsolete" - i.e. a patch withdrawn from release due to problems with it.

Since the term "obsolete" is deeply embedded in SVR4 patching, e.g. the variable name SUNW_OBSOLETE in the pkginfo files, it is not possible for us to change it.  Neither is it likely that Oracle will change their terminology as it's well known in DB and Fusion middleware circles.  Users simply need to be aware of this terminology clash when dealing with Oracle Sun SVR4 based patches.

I hope this doesn't become a hot potato. :)

Best Wishes,

Gerry.

Monday Feb 01, 2010

'wget', 'pca', and TLP users need to accept updated software license

As the software license agreement terms were updated last week upon Sun becoming a wholly owned subsidiary of Oracle, customers who use 'wget' to automate patch downloads from SunSolve will need to log in once to SunSolve and accept the updated software license agreement before they can continue to use 'wget'.   Please note that some popular patch automation tools such as Traffic Light Patching (TLP) and the 3rd party 'pca' tool use 'wget' and hence this notice is applicable to them too.

http://sunsolve.sun.com currently has the following message at the top of the SunSolve home page:

Alert: wget customers ~ Please log into SunSolve to re-accept the new Software License Agreement prior to running any wget scripts. You can also look under "Update Account" and refer to:
Step 5: Register for patch download automation
Check the box to confirm that you read the license and save the changes. Downloads will work as normal at this point.

Friday Jan 29, 2010

Important new features in latest PatchFinder release

Firstly, please allow me to get something off my chest:

HALLELUJAH!!!

It's been a long wait and we're finally there!

I, for one, am tickled pink.

There are likely to be a lot of changes for all of us in the coming months, some good, some maybe controversial to some folk, but I passionately believe that Oracle will bring much needed commercial sense which will ensure that Solaris and Sun-Oracle hardware continues to innovate like hell to provide the solutions you, our customers, need.  So strap yourselves in, the fun is about to begin!

But much more than the red Oracle logo has changed on PatchFinder today.

I want to let you know about two key new features which I believe significantly improve our customers' patch searching experience:

Search for Patches which deliver New Security Fixes 

The PatchFinder "Security Filter" now differentiates between patches which introduce a new security fix (shown by the "NS" symbol in search returns) and patches which simply deliver any security fix, either new or pre-existing (shown by the "S" symbol in search returns). 

Up until now only the latter was available, which made it difficult for customers to differentiate between patch revisions which deliver new security fixes and patch revisions which simply re-deliver old security fixes.

The "New Security Fix" search option under "Security Filter" should typically be used in combination with the "Show Obsolete" option so that you can see all patch revisions delivering new security fixes.  Otherwise you'll just see the subset of patches which both contain new security fixes and are not obsoleted.

Solaris OS Patches which deliver (or redeliver) security fixes will continue to be added to the "Recommended" Patch Clusters as before, along with OS patches which deliver (or redeliver) Data Corruption or System Availability fixes, the latest patch utility patches, and any other patches required by the above.

Solaris OS Patches which deliver new security fixes will continue to be added to the Sun Alert Patch Clusters as before, along with OS patches which deliver new Data Corruption or System Availability fixes, the latest patch utility patches, and any other patches required by the above.

But with this New Security Fix option in PatchFinder, you can now find all (6-2 digit PatchID) patches for all products which deliver new security fixes, not just Solaris OS patches.

BTW: This "New Security Fix" feature has actually been in PatchFinder since the last release in December, but this is the first opportunity I've had to blog about it.

Search for patches by the objects they deliver

You can now search for patches by the objects they deliver. 

For example, type "/usr/bin/vi" into the "File Included" search box, filter the search using the other search options if desired ( e.g. select "Solaris 10" under "OS Release" ), and PatchFinder will return the patches which deliver "/usr/bin/vi".  

This is useful if you are having problems with a particular utility or object and want to find if any patches are available for it.  Then reading the CR synopses listed in the README for the appropriate patches returned may help you figure out if the patch is likely to address the problem you are experiencing.

Try searching for "zoneadmd", or "genunix", for example.

Remember, if you enter something like "vi" or "ls" in the "File Included" search box, you'll get all objects which contain those strings in their pathnames, so a well qualified search such as "/usr/bin/vi" or "/usr/bin/ls" may be more useful.

Watch out for symlinks, e.g. on Solaris 10:

$ whence patchadd
/usr/sbin/patchadd
$ ls -l /usr/sbin/patchadd
lrwxrwxrwx   1 root     root          16 May 15  2009 /usr/sbin/patchadd -> ../lib/patch/pdo*

So on Solaris 10, search for "/usr/lib/patch" rather than "/usr/sbin/patchadd" to find patch utility patches.  FYI, 'pdo' is the preprocessor to 'patchadd' on Solaris 10 and both are contained in /usr/lib/patch.  Alternatively, just search for "patchadd".

I hope you find these new PatchFinder features useful.   A lot of work went in behind the scenes, especially on ensuring the accuracy of the "New Security Fix" flag.  I'd like to thank my colleagues, Brian, Julien, Slim, Mark, Don, and the rest of the team for making these enhancements a reality.  Nice work guys!

Tuesday Dec 15, 2009

Veritas now supports Solaris Live Upgrade

As I've mentioned in a previous posting, Veritas now supports Solaris Live Upgrade.   Please see here for details.

Tuesday Nov 24, 2009

Do not apply packages from one Update onto a system installed with a different Update

I'd just like to make the following clear to customers:

Customers who install packages from one Update release (e.g. S10U6) on a system installed with another release (e.g. S10U3) risk corrupting their system.

You must not install packages from one Update release onto a system installed with any other Update release.

The reason for this is that all available patches are pre-applied into all packages for each Update release.   Patches and packages have a many-to-many relationship.  That is, one patch can patch many packages.   One package can be patched by many patches.

If you install a package from an Update release onto a system installed with a different Update release, you completely compromise future patch dependency checking as you've introduced patch metadata from a later Update release.   This is likely to lead to system corruption as further patches are applied.

'patchadd' checks that dependencies are satisfied when installing a patch.  If 'patchadd' finds any installed package patched with a patch which satisfies the dependency, it assumes the patch is applied to all packages.  This is done for performance reasons.  Hence, if a package from a later release is installed on the system, its pre-applied patches may fool subsequent 'patchadd' invocations into thinking that a hard code dependency has been satisfied for all packages on the system when this is not the case.   The patch application will be allowed to continue, potentially corrupting the system.

The converse is also true.   If a package from an earlier Update is applied to a system, the patch delta from that Update to the Update installed on the system plus any additional patches installed on the system would need to be applied to the package to avoid a mismatch in software levels between the packages on this system, which could lead to incorrect patch dependency resolution and hence to system corruption.  Since this is difficult to get right, adding packages from a different Update release onto an installed system is, in general, unsupported. 
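The effect of that shortcut can be seen in a small model. This is an added example, not code from 'patchadd' or from this blog: the package names, the PatchIDs (000001, 000002) and the data layout are all constructed, and obsoletion chains are ignored. It compares the "any package carries the patch" check with a per-package check, and adds an audit that flags patches recorded at different revisions across the packages they target.

```python
# Simplified model of the dependency shortcut described above. This is an
# illustration with constructed data, not patchadd's actual implementation.

def parse_patch_id(patch_id):
    """Split '000001-03' into ('000001', 3)."""
    base, rev = patch_id.split("-")
    return base, int(rev)

def satisfies(installed_id, required_id):
    """Same base PatchID at the required revision or later."""
    ibase, irev = parse_patch_id(installed_id)
    rbase, rrev = parse_patch_id(required_id)
    return ibase == rbase and irev >= rrev

def shortcut_satisfied(system, required_id):
    """The shortcut: one package carrying the patch is taken as proof for all."""
    return any(satisfies(p, required_id)
               for patches in system.values() for p in patches)

def packages_below_level(system, required_id, targets):
    """Per-package check: installed packages which the required patch targets
    but which do not carry it at the required revision."""
    base, _ = parse_patch_id(required_id)
    return sorted(
        pkg for pkg in targets.get(base, ())
        if pkg in system
        and not any(satisfies(p, required_id) for p in system[pkg])
    )

def mixed_level_patches(system, targets):
    """Audit: patches recorded at different revisions (or absent, shown as
    None) across the installed packages they target."""
    findings = {}
    for base, pkgs in targets.items():
        levels = {}
        for pkg in sorted(pkgs):
            if pkg not in system:
                continue
            revs = [parse_patch_id(p)[1] for p in system[pkg]
                    if parse_patch_id(p)[0] == base]
            levels[pkg] = max(revs) if revs else None
        if len(set(levels.values())) > 1:
            findings[base] = levels
    return findings

# Constructed metadata: base PatchID -> packages it patches (many-to-many).
TARGETS = {
    "000001": {"PKGcore", "PKGlib", "PKGcrypto"},
    "000002": {"PKGlib"},
}

def earlier_update_system():
    """Constructed system installed from an earlier Update: 000001-01 applied."""
    return {"PKGcore": {"000001-01"}, "PKGlib": {"000001-01"}}

def add_package_from_later_update(system):
    """Add a package taken from a later Update, with 000001-03 pre-applied."""
    mixed = {pkg: set(patches) for pkg, patches in system.items()}
    mixed["PKGcrypto"] = {"000001-03"}
    return mixed

if __name__ == "__main__":
    required = "000001-03"  # hard dependency of a new (constructed) PKGlib patch
    consistent = earlier_update_system()
    mixed = add_package_from_later_update(consistent)
    for label, system in (("consistent", consistent), ("mixed", mixed)):
        print(label,
              "shortcut says satisfied:", shortcut_satisfied(system, required),
              "| packages below level:",
              packages_below_level(system, required, TARGETS),
              "| mixed-level patches:", mixed_level_patches(system, TARGETS))
```

On the mixed system the shortcut reports the dependency as satisfied while two packages are still at the older revision, which is the condition the per-package audit is there to catch before further patches are applied.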

There are two exceptions to the above rules, for Live Upgrade and encryption packages.

  • Live Upgrade: If you are upgrading from Solaris 8 or Solaris 9 to Solaris 10, you need to apply the Live Upgrade packages from the Solaris 10 system to your Solaris 8 or Solaris 9 system.  See document 1004881.1 on My Oracle Support (MOS), http://support.oracle.com, for details.
  • SUNWcry* encryption packages: These weren't included in the Solaris distribution prior to Solaris 10 8/07 (Update 4).  For pre-Update4 systems, the recommended way to get these packages is to upgrade to a later Update release.  For the reasons outlined above, while not recommended, a possible alternative is to download the packages from the Sun Download Center (SDLC), install them, and then re-apply any patches that patch the SUNWcry* packages which you have already applied to the system (**). Also, for the reasons outlined above, it is not recommended to apply the packages from the media of a later Update release, as you would need to ensure that all the other packages installed on the system are patched to the same or higher patch level  (e.g. by installing the appropriate Solaris Update Patch Bundle available from My Oracle Support, http://support.oracle.com) to avoid completely compromising future patch dependency checking on the system.

** A way to check which patches need to be re-applied in this scenario is as follows:

cd /var/sadm/patch
egrep -i "PKG=SUNWcryr|PKG=SUNWcry" */log|cut -f1 -d /|sort -u

as in:

# cd /var/sadm/patch
# egrep -i "PKG=SUNWcryr|PKG=SUNWcry" */log|cut -f1 -d /|sort -u
127127-11
137137-09
139555-08
141444-09
#

The above example is on a system installed with Solaris 10 11/06 (Update 3).  The user would need to re-apply the patches listed above and be extremely careful to ensure they are applied in the correct dependency order as 'patchadd' will not be able to ensure the correct dependency order as its dependency checking remains compromised until the added packages are brought up to the same patch level.

Please note that if a package from the same Update is applied to a system, then any additional patches already installed on the system that patch the added package must be re-applied to bring that package up to the same software level as the rest of the system.  This is called "incremental patching".   This is supported, but care must be taken.  The easiest way to do this is to reapply all patches installed on the system (as listed by 'patchadd -p').  This will bring the added package(s) up to the same software level as the rest of the system.  Again, you need to be extremely careful to ensure they are applied in the correct dependency order as 'patchadd' will not be able to ensure the correct dependency order as its dependency checking remains compromised until the added packages are brought up to the same patch level as the rest of the system.

Best Wishes,

Gerry Haskins,
Director, Software Patch Services

About

This blog is to inform customers about patching best practice, feature enhancements, and key issues. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle. The Documents contained within this site may include statements about Oracle's product development plans. Many factors can materially affect these plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material code, or functionality, and SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle. THIS INFORMATION MAY NOT BE INCORPORATED INTO ANY CONTRACTUAL AGREEMENT WITH ORACLE OR ITS SUBSIDIARIES OR AFFILIATES. ORACLE SPECIFICALLY DISCLAIMS ANY LIABILITY WITH RESPECT TO THIS INFORMATION. ~~~~~~~~~~~~ Gerry Haskins, Director, Software Lifecycle Engineer
