By Gerry Haskins-Oracle on Jun 10, 2015
Here's an updated version of patching best practice presentation, PatchingBestPractice.pdf.
You can still find more verbose earlier versions in prior postings.
A customer once said to me that "bad news, delivered early, is relatively good news, as it enables me to plan for contingencies".
That need to manage expectations has stuck with me over the years.
And in that spirit, we issue Docs detailing known issues with Solaris 11 SRUs (Doc ID 1900381.1) and Solaris 10 CPU patchsets (Doc ID 1943839.1).
Many issues only occur in very specific configuration scenarios which won't be seen by the vast majority of customers.
A few will be subtle issues which have proved hard to diagnose and hence may impact a number of releases.
But providing the ability to read up on known issues before upgrading to a particular Solaris 11 SRU or Solaris 10 CPU patchset enables customers to make more informed and hence better decisions.
BTW: The Solaris 11 Support Repository Update (SRU) Index (Doc ID 1672221.1) provides access to SRU READMEs summarizing the goodness that each SRU provides. (As do the bugs fixed lists in Solaris 10 patch and patchset READMEs.)
For example, from the Solaris 11.2 SRU10.5 (184.108.40.206.0) README:
Why Apply Oracle Solaris 220.127.116.11.0
Oracle Solaris 18.104.22.168.0 provides improvements and bug fixes that are applicable for all the Oracle Solaris 11 systems. Some of the noteworthy improvements in this SRU include:
- Bug fix to prevent panics when using zones configured with exclusive IP networking, and DR has been used to add and remove CPUs from the domain (Bug 19880562).
- Bug fix to improve NFS stability when under stress (Bug 20138331).
- Bug fix to address the generation of FMA events on the PCIEX bus on T5-2 (Bug 20245857).
- Bug fix to improve the performance of the
zoneadm listcommand for systems running a large number of zones (Bug 20386861).
- Bug fix to remove misleading warning messages seen while booting the Oracle VM Server for SPARC guests (Bug 20341341).
- Bug fix to address NTP security issues, which includes the new slew always mode for leap second processing (Bug 20783962).
- OpenStack components have been updated to Juno. For more information, see OpenStack Upgrade Procedures.
- The Java 8, Java 7, and Java 6 packages have been updated. For more information, see Java 8 Update 45 Release Notes, Java 7 Update 80 Release Notes, and Java 6 Update 95 Release Notes.
Cross posting from my Solaris 11 Lifecycle blog, https://blogs.oracle.com/Solaris11Life/entry/orachk_health_checks_for_the as this is applicable to Solaris 10 too:
My colleagues, Susan Miller and Erwann Chénedé, have been working with the nice people behind the ORAchk tool (formerly RACcheck) to add Solaris health checks to the tool.
ORAchk 2.2.4, containing the initial 8 Solaris health checks, is now available:
ORAchk includes EXAchks functionality and replaces the popular RACcheck tool, extending the coverage based on prioritization of top issues reported by users, to proactively scan for known problems within:
ORAchk will expand in the future with more high impact checks in existing and additional product areas. If you have particular checks or product areas you would like to see covered, please post suggestions in the ORAchk community thread accessed from the support tab on the below document.
For more details about ORAchk see Document 1268927.1
Update: April 22, 2013, 17:10 PST: The issue is now fixed and the correct Solaris 10 SPARC Recommended patchset is now available from MOS. I apologize again for any inconvenience caused.
Due to human error, the incorrect Recommended patchset for Solaris 10 SPARC was uploaded to MOS on April 21, at ca. 18:54 PST. The April 20 2012 patchset was uploaded instead of the April 20 2013 patchset.
The date is in the patchset README, so if you've downloaded the Solaris 10 SPARC Recommended patchset in the last 24 hours, please check that the date is not 2012. If it is, please download the corrected version from MOS.
I apologize most sincerely for any inconvenience caused.
Posting updated June 6, 2013, with new Solaris 10 Kernel PatchIDs 150400-xx (SPARC) and 150401-xx (x86):
As usual, we've released a patchset of all the patches contained in Solaris 10 1/13 (Update 11):
This patchset can be applied to any existing Solaris 10 system to bring all pre-existing packages up to the same software level as Solaris 10 1/13.
It is not the same as upgrading to Solaris 10 1/13 (available here), as upgrading will additionally install any new packages delivered in the Update.
I've also updated my Solaris 10 Kernel PatchID sequence posting with the latest Solaris 10 Kernel PatchIDs, namely:
Please note that there are no more planned updates to Solaris 10, so these latest Kernel PatchIDs - 148888-xx (SPARC) / 148889-xx (x86) - will continue to be used for the foreseeable future.
Murphy's Law strikes again!
No sooner had I written that Solaris 10 Kernel PatchIDs 148888-xx (SPARC) and 148889-xx (x86) were here to stay for the foreseeable future, than the integration of the SR-IOV feature into rev-04 of these patches made it prudent to rejuvenate them.
So from July 2013, the Solaris 10 Kernel PatchIDs will change to be 150400-xx (SPARC) and 150401-xx (x86).
Dare I tempt fate again by saying these Solaris 10 PatchIDs are likely to remain the same for the foreseeable future ?
I've also updated my Useful Patch Related Downloads posting with links to the Solaris 10 1/13, Jan 2013 CPU, and latest Recommended patchsets.
The October 2012 security "Critical Patch Update" information and downloads are now available from My Oracle Support (MOS).
See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1475188.1 on My Oracle Support (MOS), http://support.oracle.com, which includes security CVE mappings for Oracle Sun products.
For Solaris 11, Doc 1475188.1 points to the relevant SRUs
containing the fixes for each issue. SRU12.4 was released on the CPU
date and contains the current cumulative security fixes for the Solaris
For Solaris 10, we take a copy of the Recommended Solaris OS patchset containing the relevant security fixes and rename it as the October CPU patchset on MOS. See link provided from Doc 1475188.1Doc 1475188.1 also contains references for Firmware, etc., and links to other useful security documentation, including information on Userland/FOSS vulnerabilities and fixes in https://blogs.oracle.com/sunsecurity/
My good buddy and all round good guy, Jeff McMeekin, has asked me to let you know that Version 5.3 of the Solaris Crash Analysis Tool is now available to download. This includes support for Solaris 11.
See http://blogs.oracle.com/solariscat/ for further details.
From my peer, Deb Smith:
We are very pleased to announce that Oracle Solaris Crash Analysis Tool, version 5.3 is now available on MOS.
With 5.3, functionally has been added to support Solaris 11, in addition to the previous Solaris versions (7,8,9,10) .
To download, login to My Oracle Support, https://support.oracle.com/ , and search for 13365310. Or if you prefer, from first principles: Click on Patches&Updates -> Select "Product or Family (Advanced Search)" and enter "Solaris Crash". Select the release as 5.3 and you will find list of patch numbers.
Thanks to many folks who helped to bring this about, with special Thanks to Keerthi Kondaka, John Harres, Dana Fagerstrom, Randy Tinkess, Ethan Rider, Fermina Quinones, Michael Bergeron, Monica Allison, Dolore Eccles, Teresa Chinn, Michele Van Doozer, Tracey Taylor, Beth Barrett, Steve Kent, Jeff McMeekin and Stefan Schneider.
On the basis that you can't have too much of a good thing, I've started a 2nd blog, the Solaris11Life blog , to enable me to blog about all aspects of the Solaris 11 Customer Maintenance Lifecycle, including policies, best practices, resource links, clarifications, and anything else which I hope you may find useful.
In my first post, I share my Solaris 11 Customer Maintenance Lifecycle presentation, which I gave at Oracle Open World and the recent Deutsche Oracle Anwendergruppe (DOAG) conference.
I'll be posting lots more there in the coming week as time allows, including secret handshake stuff on how to interpret IPS FMRI version strings.
In future, I'll post any Solaris 11 Customer Maintenance Lifecycle related material on the Solaris11Life blog, http://blogs.oracle.com/Solaris11Life , and any Solaris 10 or below material here on the Patch Corner blog, http://blogs.oracle.com/patch .
Today, we launch Solaris 11 in New York City.
Work on Solaris 11 started 7 years ago, as soon as Solaris 10 reached "code freeze".
About 6 years ago in a Solaris P-Team (Product Team) meeting, someone raised the repeatedly asked question as to when we planned to release Solaris 11.
A slightly exasperated Jeff Jackson said 11/11/11, half jokingly, half seriously. It made sense. It was in the right ballpark considering all the radical changes the architects wanted to make in Solaris 11. And what better date to launch Solaris 11 ?
175 bi-weekly builds and two release candidate respins later, and we're releasing Solaris "Nevada" build snv_175b, officially known as Solaris 11. But 2 days early. Ooops! I must admit to having been tempted to file a "Stopper" bug to cause enough of a smoke screeen to delay the release by two days. But early is good. So 11/9/2011 it is.
The Solaris 11 Tech Lead, David Comay, has posted some excuses - er, I mean "reasons" - on his blog as to why we're releasing 2 days early. See http://blogs.oracle.com/solaris for further information.
Having arrived in New York Tuesday afternoon, I went to the 9/11 memorial to pay my respects.
May I just say, well done New York! Well done America!
It's a truly excellent and moving memorial. The sound of the water falling and the patterns it makes as it falls into the abyss in the center of the very footprint where the twin towers stood is poignant symbolism. It's impossible not to be moved.
And the fact that all around the memorial is still a construction site, with all the sounds of rebuilding what was destroyed, is very apt indeed.
Evil will not triumph. Good will overcome.
It puts our humble efforts in stark perspective.
I hope you enjoy Solaris 11. It's our most radical Solaris release since SunOS 2.0. Virtualization built in. Cloud built in. Architected for maintainability. Scalability beyond your imagination (and mine!).
I'll be presenting an updated version of my Solaris 11 Customer Maintenance Lifecycle presentation at the DOAG (Deutsche Oracle Anwender Gruppe) Conference in Nuremberg, Germany, next week. I hope to meet some of you there.
I'll then post the presentation here on my blog.
Let the fun begin! Enjoy!
Just a quick heads-up that Solaris 9 will transition to Vintage support (old sun terminology) / Extended support (Oracle terminology) at the end of this month.
Solaris 9 patches released from November 1, 2011, will have Vintage/Extended access entitlement by default, which means that only customers with an Extended Support contract for Solaris will be able to access them.
Updates to the Recommended Solaris 9 OS Patchset will cease at that time.
Pre-existing Solaris 9 patches (and the final version of the Recommended Solaris 9 OS Patchset) will remain available under normal "OS" entitlement - i.e. they can be accessed without an Extended Support contract.
For more details, see:
Lifetime Support Policy brochure, especially pages 27 to 31
How Patches and Updates Entitlement Works, DocID 1269292.1
I forgot to let you know, but a couple of months ago, my colleagues, Don O'Malley and Ed Clark updated the Oracle Solaris Live Upgrade (LU) document describing the pre-requisites for Live Upgrade.
The original document was pretty convoluted and required several cups of strong coffee to parse. The updated version is a little easier to understand, even without caffeine.
Thanks also to Beth Barrett, Rick Ramsey, and Jon Bowman who helped make this happen.
I asked my colleague, Juergen Fleischer, to let me know how to apply arbitrary patches - i.e. any specific patches you want to apply - using Ops Center.
Here's his response on how to do it:
Create a Custom Profile by selecting the desired patches. The Profile can get used for Compliance Reports or standard jobs to install these patches.
Here are the steps:
1) Select Plan Management -> Update Profiles
2) Select Action "New Profile" and name it appropiate e.g. "Solaris Cluster 3.1 APR-2011"
3) Select all required patches e.g. 120500-27 for SPARC and/or 120501-27 for x86 and save the Profile:
4) Use the Profile for plain Jobs, Reports, etc.
A couple of customers have claimed to me that it's not possible to apply all the latest available Solaris patches using Ops Center Enterprise Manager. I've checked with my colleagues in Ops Center, and it most certainly is possible. Here's one way to do it:
There are multiple ways to perform this task ...
Here is one using the "Report" feature:
1) Select "Host Compliance Report"
2) Use the default setting "Security and Bug fixes" and select proposed target system or group of targets:
3) The Report will show all downrev packages (e.g 824 pkgs) and will allow you to submit a job, that's all that's needed.
Looking at the Job log we can see:
# tail /var/scn/update-agent/logs/resolve.log
add 40025552 (145497-01)
add 40025545 (144998-03)
add 40025534 (145501-01)
add 40025472 (118712-24)
add 40025471 (121734-13)
add 40025380 (118777-17)
add 40024414 (125060-07)
add 40022356 (119788-10)
add 40015326 (121081-08)
Total number of sorted operations : 197
So in total we would install 197 patches.
I've long been of the opinion that there should be a single generic set of Solaris recommended patches which customers are consistently recommended to install in proactive maintenance windows for issue prevention. It's something I've been working towards for quite a while.
A collaborative effort between the Software Patch Services, Enterprise Installation Standards (EIS), Sun Risk Analysis System (SRAS) - now renamed Oracle Risk Analysis Services (ORAS) - and the Explominer team in the Oracle Solaris Technical Center (TSC), has achieved this goal with the creation of the Recommended Patchset for Solaris.
Up until now, while the Solaris OS Recommended Patch Cluster was the core basis for Solaris patch recommendations, various teams tended to recommend their own favorite patches on top of this core set. This wasn't just by whim. Each team was looking at patching from a slightly different angle - for example various angles of proactive patching (issue prevention) versus reactive patching (issue correction).
The Recommended Patchset for Solaris is the result of the combined wisdom of the various teams. It is designed for proactive patching (issue prevention). The contents are generic and should be suitable for most customer configurations. You should still read the README file and follow its instructions to ensure all of the patches included are appropriate to your specific environment. You should test the patchset on a test system which closely mimics your production systems prior to deployment.
You may still legitimately be asked by support to install additional patches to fix issues specific to your environment in reactive maintenance situations (issue correction). But this should only be after due diligence to ensure that such patches are likely to fix the specific issue encountered.
The Recommended Patchset for Solaris is the new name for the Solaris OS Recommended Patch Cluster. It's available from MOS (including 'wget'), EIS, Ops Center, etc. We've changed the name to use the Oracle standard terminology "patchset". I never liked the name Solaris Patch Cluster as there was a risk of it being confused with the Solaris Cluster product to which it bears no relation. In due course other patch "clusters" and patch "bundles" are likely to transition to the name "patchset".
The install script and code word needed to invoke it (which is contained in the README file) have been renamed to reflect the name change from "cluster" to "patchset".
Customers who have installed the Solaris OS Recommended Patch Cluster may notice the additional patches included in the Recommended Patchset for Solaris the first time they install it. After that, it'll be business as usual. Many of these additional patches are already pre-applied into Solaris Update releases, so customers on later update releases should see little difference.
As before, the Recommended Patchset for Solaris will continue to be updated whenever a patch matching its inclusion criteria is released. This can happen several times a month. Just take the latest which matches your proactive maintenance window schedule.
And as before, once a quarter, the Recommended Patchset for Solaris will be archived and renamed as the Critical Patch Update in line with standard Oracle practice. (See previous blog postings.)
To create the Recommended Patchset for Solaris, we took the Solaris OS Recommended Patch Cluster and analyzed the additional Solaris patches which the Explominer team recommend be added on top of it for the monthly EIS patch baselines. Where those additional patches added real value - i.e. were of significant benefit to many customers - we added them to the recommended patch set. Where they didn't add real value, we discarded them. We then made sure that a system on which the resultant Recommended Patchset for Solaris was installed passed with a clean bill of health from the ORAS risk analysis audits.
So now, the Solaris OS patches in the EIS patch baselines will be the Recommended Patchset for Solaris with input from the Explominer and other teams included, and will be tested with ORAS. These are the patch baselines available in Ops Center. We have set up a panel of patch experts from the teams mentioned above to adjudicate on future potential additions to the Recommended Patchset for Solaris.
Previously, the criteria for including a patch in the Solaris OS Recommended Patch Cluster was quite strict: a patch had to address a Security, Data Corruption, or System Availability issue; be a patch utilities patch, or be required by the above. In future, other patches which add real value for many customers may be included - for example, a patch for a commonly used driver which delivers significant performance improvements. The goal remains the same - to include the most critical generic patches which we recommend customers install in proactive maintenance windows for issue prevention.
Additional patches outside of the patchset may still be required:
You can download the patchsets or view their Readmes directly, using the following links:
To downloads the patchsets (you must be logged into MOS):
To download the patchset Readme files (no need to be logged into MOS):
The above works for both flash and non-flash (html) MOS users. Just substitute "9" for "10" to get the Solaris 9 Recommended patchsets and Readmes.
You can also download the patchsets using 'wget' for scripted access as normal. (See previous blog postings.) For example, the download filename for Recommended Patchset for Solaris 10 SPARC is still 10_Recommended.zip.
If, like me, you like to know how to do things from first principles, here's the way to construct the search on My Oracle Support:
For Flash compatible systems (full function MOS version):
For non-Flash users (html MOS version):
MOS remembers your previous selections and they'll be shown top of each drop down menu on subsequent invocations. You can also save searches for future re-use.
I want to thank Don O'Malley, Ed Clark, Howard Mills and the EIS team, Juergen Schleich and the Explominer team, Dr. Rex Martin and the ORAS team, and Rob Hulme and Walter Fisch from the Oracle Technical Support Center (TSC) for all their work in making a single consistent Recommended Patchset for Solaris a reality.
As always, I'm interested to hear your feedback.
My colleagues in Services are running Best Practice Webinars on knowledge searching and how to find Firmware, Storage updates, and Oracle Solaris patchsets.
The next sessions for patching are this Thursday, Feb 18th, at 9AM MT (U.S. Mountain Time) and 5PM MT. If you miss these, don't worry, there's more being hosted through to the end of April 2011. See below.
Log into MOS and see
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=SYSTEMDOC&id=1282218.1 for details.
Here's the blurb:
A number of customers have reported issues with 'smpatch' / Update Manager resulting from the recent migration to the My Oracle Support (MOS) infrastructure.
My colleagues BethB, PeterM, and EthanR have published Document 1288579.1 which explains what to do if you are unable to register systems & download patches via sconadm, smpatch, and Update Manager . This document is also accessible via the Oracle Sun OS Community page too.
I apologize most sincerely for any inconvenience caused.
As you may know from my previous blog postings, Oracle Sun recommends customers to install or upgrade to the latest Solaris 10 Update in major maintenance windows. Based on a request from customers whose change control policies prevent them from upgrading, we've been producing Solaris Update Patch Bundles which bring pre-existing packages up to the same software level as the corresponding Solaris Update. The difference is that the Patch Bundles don't provide new or up'rev'd packages introduced in the corresponding Solaris Update.
For customers considering use of the Solaris Update Patch Bundles, that raises the obvious question as to which packages are introduced or up'rev'd in each Solaris Update release. The lists above answer that question.
Aside: As discussed in previous blog postings, all core Solaris OS packages are updated via patches. The up'rev'd packages above refer to some 3rd party and community based apps included in Solaris (e.g. Mozilla Firefox, Thunderbird, etc.) which are updated via package updates (i.e. where one package version is removed and replaced with a later version). This is to tie in better with the release strategy for such apps.
Many thanks to my colleague, Roisin Doran, for all her work in putting this together.
I'll ask Roisin to work with the Technical Writers to include updated versions of these lists in future Solaris 10 Update release documentation.
My colleague, Mike Brown, has published this knowledge article which you may wish to bookmark, pointing to frequently accessed Oracle Solaris patch deliverables, including the Recommended patch clusters, quarterly Critical Patch Updates (CPUs), Solaris Update Patch Bundles, patch utilitiy patches, patchdiag.xref, the checksums file, and the LU Zones Starter Patch Bundle.
Also, here's a cut-and-paste of my response to some comments posted regarding finding Oracle Sun patches on My Oracle Support (MOS) which I hope you'll find useful.
To get the Solaris patch clusters and patch bundles, use the "Product or Family (Advanced Search)" option on the "Patches & Updates" tab. Select:
...and it'll return all Solaris 10 patch clusters and patch bundles. This includes the Solaris OS Recommended Patch Clusters, the Solaris Update Patch Bundles, the Solaris OS Critical Patch Updates (CPUs), Live Upgrade (LU) Zones Patch Bundle, etc.
You can add further search filters, e.g. Platform is Oracle Solaris on SPARC (64-bit), to further refine the results.
Using "Platform" is useful to eliminate the double-entries for 32-bit and 64-bit. These dual returns are a pet peeve of mine and I'm continuing to work with the MOS team to get this "fixed" in a future release. They are an historical artifact from Oracle DB platform porting and are not relevant to the Solaris OS.
Note that the alternative option for "Type" is "Patch", which can be used to search for individual patches.
Please note that you can see all revisions of a patch by searching with the format 119254-% . The "-" (dash) is required in the current version of MOS.
You can also search for words included in the Patch Synopsis by using the Description field. For example:
In the example above, the Description option searches for the phrase "patch utilities" in the Synopsis line of patches. This returns the Solaris 10 SPARC patch utility patches.
Since the synopsis line of patches is free format, some guesswork is involved in searching using this method. For example "patch utility" returns nothing. "IP" returns more than just TCP/IP related patches.
Alternatively, you can use "Classification", which can be set to "Security" to return Security patches.
Click on the "Updated" column in the search returns to get these listed from earliest to latest or vice versa.
Firmware updates are also available from My Oracle Support.
My understanding is that MOS currently limits search results to 100 entries in the current version and again I'm discussing "fixing" this with the MOS team in a later release.
Searches can be edited and saved for re-use at a later date. MOS also remembers selections you've made in previous sessions which is a useful feature.
A "Classification" of "Other Recommended" rather logically will give other non-security recommended patches included in the Solaris OS Recommended Patch Cluster. (In MOS terminology, "Security" and "Other Recommended" together are equivalent of the old Sun "Recommended" term.) But if you want to know exactly what's in the Solaris OS Recommended Patch Cluster, it's easier to simply look at the patch list in the Cluster README.
As discussed in the http://blogs.sun.com/patch/entry/solaris_10_recommended_patching_strategy which I published last week, we're really trying to encourage customers to move away from selecting unique patch combinations and to instead use the Solaris OS patch clusters and patch bundles as the core of your patching strategy.
But there is still occasionally the need to search for individual patches to address specific issues.
If you are looking for individual patches to address a specific CR, then use "Patch Name, Number, or Sun CR ID" search option instead of "Product or Family (Advanced Search)". For example, enter Sun CR ID 6927931 and patch 119254-78 is returned which is the patch in which the CR is fixed. A CR which was fixed a long time ago, e.g. 6486471, will return all patch revisions which contain the fix, so you can decide whether you want to take the latest patch revision which fixes it or the earliest.
As I say, I'm continuing to work with the MOS team to enhance the customer experience further, but I hope you find the above tips helpful.
A colleague in MOS has kindly forwarded a link to a tutorial on the PowerView feature in MOS which you may find useful.
Here's a document and a corresponding presentation I've written describing the Oracle Solaris 10 Recommended Patching Strategy. They contain a number of links to resources which I hope you will find useful.
As always, I look forward to your feedback.
BTW: If you have any queries about patching, why not post them on the Oracle Solaris Install, Booting, and Patching Community Forum.
The SunSolve front page says it all:
The MSC and SunSolve Will Retire on December 10, 2010
Find out what you need to know about the migration to My Oracle Support.
Stay up-to-date on the latest details about the migration to My Oracle Support. Access the My Oracle Support Welcome Center for transition information, training, significant changes, and Frequently Asked Questions.
The information on the Welcome Center will be updated regularly as the transition approaches, so please be sure to revisit the page often to get the latest updates.
See my previous postings, Oracle Sun patches now available from MOS , and Test site available for SunSolve to MOS transition for details on how to download patches from My Oracle Support (MOS).
Please note that I am not leading this transition and I will be unable to help with issues regarding access entitlement.
If you encounter issues with My Oracle Support, then:
My SunSolve colleagues tell me that the ability to test sample scripted My Oracle Support (MOS) patch downloads is now available.
If you use scripted patch downloads, e.g. using 'wget', I highly recommend you take this opportunity to test the necessary changes to the download syntax in advance of the transition from SunSolve to MOS which is currently scheduled for December 10.
The document detailing the 'wget' syntax changes relating to the upcoming transition from SunSolve to MOS, http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1, has been updated with the relevant instructions. I suggest you bookmark that document and return to it regularly for updates.
One of my senior engineers, Enda O'Connor, has written a document on Patching Solaris using Advanced Live Upgrade Strategies for Zones and Clusters which I hope you will find useful.
A colleague of mine, Ken Brucker, has drawn this picture showing the composition of Solaris Updates which you may find useful to visualize the process.
See the relevant slides from the presentation on http://blogs.sun.com/patch/entry/updated_customer_patching_presentation_and for more detailed information.
As Miriam Brace's recent blog post signals, it's nearly time to say goodbye to SunSolve as the transition to My Oracle Support (MOS) continues.
There's syntax changes for 'wget' users which are detailed on SunSolve and copied on ISP. This document includes details on how to continue to access the patch metadata files 'patchdiag.xref' and 'checksums'.
As per my previous posting, Oracle Sun patches and patch clusters/bundles are already available from MOS.
The October 2010 Solaris OS CPU (Critical Patch Updates) containing all available Security, Data Corruption, and System Availability fixes are now available from My Oracle Support (MOS) and SunSolve.
See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1446032.1 on My Oracle Support (MOS), http://support.oracle.com, which includes CVE mappings for Oracle Sun products.
To access the Solaris OS CPUs on MOS, login, select the "Patches & Updates" tab and in the "Patch Search" box, click on "Product or Family (Advanced Search)". Select "Solaris Operating System" from the product drop down menu, select the Release(s) you are interested in, e.g. "Solaris 10 Operating System", select "Type" and "Patchset" from the drop down menus on the next line, and click "Search". This will show all the available patch clusters and bundles for your search criteria. The October 2010 CPUs have titles of the form "CPU OS Cluster 2010/10".
The Solaris OS CPUs are archived copies of the Solaris OS Recommended Patch Clusters. See http://blogs.sun.com/patch/entry/solaris_critical_patch_updates_cpus for further details.
Director, Software Patch Services
Here's the presentation on Oracle Solaris Patching Strategy and Best Practices which Bob Netherton and I gave last week at Oracle Open World.
It was really great to meet so many customers. If you have any patch related questions, please feel free to follow up with me.
Director, Software Patch Services, Solaris Systems.
These patch bundles provides the set of patch pre-applied into the corresponding Solaris 10 9/10 (Update 9) release image. These patches provide all the Solaris 10 bug fixes which were available when the contents of the Solaris 10 9/10 release was finalized.
See http://blogs.sun.com/patch/entry/solaris_10_10_08_patch for further information on Solaris Update Patch Bundles.
See http://blogs.sun.com/patch/entry/oracle_sun_patches_now_available for information on how to access patch bundles on MOS.
Many thanks to the Patch System Test, Patch Operations and Distribution, and SunSolve teams for expediting the release of these patch bundles.
This blog is to inform customers about patching best practice, feature enhancements, and key issues. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle. The Documents contained within this site may include statements about Oracle's product development plans. Many factors can materially affect these plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material code, or functionality, and SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle. THIS INFORMATION MAY NOT BE INCORPORATED INTO ANY CONTRACTUAL AGREEMENT WITH ORACLE OR ITS SUBSIDIARIES OR AFFILIATES. ORACLE SPECIFICALLY DISCLAIMS ANY LIABILITY WITH RESPECT TO THIS INFORMATION. ~~~~~~~~~~~~ Gerry Haskins, Director, Software Lifecycle Engineer