Oracle Patches and Application

Oracle Database Administration |

Patching  is one  of  the  most  common  task  performed  by  DBA’s  in  day-to-day  life  . Here , we  will discuss  about  the various  types  of  patches  which  are  provided  by  Oracle  . Oracle  issues  product fixes  for  its  software called  patches. When  we  apply  the  patch  to  our  Oracle  software installation, it updates  the  executable  files, libraries,  and  object  files in  the software  home directory . The patch application  can  also  update  configuration  files and  Oracle-supplied  SQL schemas . Patches  are  applied by  using  OPatch, a utility supplied by Oracle , OUI  or  Enterprise Manager Grid Control .

Oracle has categories of PSUs as :
i.) Critical Patch Update (CPU  aka SPU)  are quarterly delivered by Oracle to fix security issues. Now refers  to  the  overall  release of security  fixes each  quarter  rather than the cumulative database security  patch  for  the quarter.  Think  of  the  CPU as  the  overarching quarterly release and not as a single patch .
      A CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.
In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.
ii.) Patch Set Updates (PSU)  are  the same cumulative patches  that  include  both  the  security  fixes and priority  fixes aka and a bunch of other one-off patches.  The key with  PSUs  is  they are  minor version  upgrades   (e.g., 11.2.0.1.1  to  11.2.0.1.2). Once a  PSU  is  applied, only  PSUs  can  be  applied  in  future  quarters  until  the database  is  upgraded to a new base version. We can use them, and stop to apply CPUs
           PSUs, as CPUs, are cumulatives, no need to apply all of them, just applying the last one should be enough. One-off patch is single fix, to fix a particular issue.

 

iii.) Security Patch Update (SPU)  terminology  is  introduced  in  the October 2012 Critical Patch Update as  the  term  for the quarterly security patch.  SPU  patches are the same  as  previous  CPU  patches,  just a new  name .  For  the database, SPUs  can  not  be  applied  once  PSUs  have  been  applied  until  the database is  upgraded  to a  new base version.
iv.) Bundle Patches  are the quarterly patches for Windows  and  Exadata  which  include  both the quarterly security patches as well as recommended fixes.

v.) Interim or One-Off Patches  An Interim Patch (formerly known as a “one-off” patch) is a bug fix (or set of fixes) made available to customers who for business reasons cannot wait until the next Patch Set or new product release to get a fix. Oracle may also recommend interim patches (such as security patches) to be applied to your systems. All Interim Patches are included in a future (usually next) PSU as well as the next product release.
By default, an Interim Patch does not include any other bug fixes made since the previous Patch Set.

 Interim Patches are not cumulative.
PSUs(PatchSet Updates) or CPUs(Critical Patch Updates) & SPU are applied via opatch utility.

How to get Oracle Patches :

We  obtain  patches  and  patch  sets  from  My Oracle Support (MOS) . The  ability  to  download a specific  patch  is  based  on  the contracts associated  to  the Customer support  identifiers (CSI)  in  our  My Oracle Support  account.  All  MOS  users  are  able  to  search  for  and  view all  patches,  but  we  will  be prevented  from  downloading  certain types  of  patches  based  on  our  contracts.
While   applying   Patchset or  patchset upgrades, basically there are two entities in the Oracle Database environment

i. )  Oracle Database Software
ii.)  Oracle Database

Most of the database patching activities involve, in the following sequence

  • Update  “Oracle Database Software”  using  OUI‘s ‘./runInstaller‘  or   ‘opatch apply’   known  as “Installation”  Tasks.
  • Update  “Oracle Database”  (catupgrd.sql  or  catbundle.sql …etc)  to  make  it  compatible  for  newly  patched  “Oracle database Software”   known  as  “Post Installation”  tasks.

Patchset  OR  CPU/PSU  (or one-off)  patch  contains  Post  Installation  tasks  to  be  executed  on  all Oracle  Database  instances  after  completing  the Installation  tasks. If  we  are  planning  to  apply  a patchset  along  with  required  one-off-patches (either CPU or PSU or any other one-off patch),  then  we can  complete  the  Installation  tasks  of  the   Patchset+CPU/PSU/one-off  patches at once and then execute  Post  Installation  tasks of  the  Patchset+CPU/PSU/one-off  patches  in  the  same sequence as they were  installed .

This  approach  minimizes  the  requirement  of  database  shutdown  across  each  patching  activity and simplifies  the  patching  mechanism as two tasks:

  • Software update and then
  • Database update.

Here , we  will  cover  the  Opatch Utility in details along with example.

OPatch  is  the  recommended (Oracle-supplied)  tool  that  customers  are  supposed  to  use  in  order to apply  or  rollback  patches. OPatch  is  PLATFORM  specific . Release is based on Oracle Universal Installer version . OPatch is a Java-based utility which requires the Oracle Universal Installer to be installed. It is platform independent and runs on all supported operating systems.

OPatch  resides in  $ORACLE_HOME/OPatch .

Uses of OPatch:

  • Applying  an  interim  patch.
  • Rolling  back  the  application  of  an  interim  patch.
  • Detecting  conflict  when  applying  an  interim  patch  after  previous  interim  patches  have  been applied.  It  also  suggests  the  best  options  to  resolve a conflict .
  • Reporting on installed products and interim patch.

The  patch  metadata  exist in  the  inventory.xml  and  action.xml  files  exists under//etc/config/

Inventory  .xml  file  have  the  following  information :

  • Bug number
  • Unique Patch ID
  • Date of  patch year
  • Required and Optional components
  • OS platforms ID
  • Instance shutdown is required or not
  • Patch can be applied online or not

Actions   .xml  file  have  the  following  information .

  • File name and it location to which it need to be copied
  • Components need to be re-linked
  • Information about the optional and required components

Here are steps for applying  patches on linux Platform : 

1.) Download the required Patches from  My Oracle Support (MOS) : 

  • Login to metalink.
  • Click “Patches & Updates” link on top menu.
  • On the patch search section enter patch number and select the platform of your database.
  • Click search.
  • On the search results page, download the zip file.
Downloading and installing the latesh Opatch version:
——————————————————
Below are the steps for downloading and installing the latest opatch version.opatch is very much useful for applying the database patches to fix various bugs and it is very much important to have the latest version.1) Please download the latest OPatch version from My Oracle Support (MOS)a) Click on the “Patches & Updates” tabb) In the “Patch Name or Number” field type 6880880c) In the “Platform” field select the relevant platformd) Click the Search button.

e) Select the patch that corresponds to the Oracle release installed:

6880880 Universal Installer: Patch OPatch 11.2

f) Click the Download button
Once the above task is done copy the patch to $ORACLE_HOME directory and move the previous OPatch directory to separate directory in OS.We can use winscp or ftp for copying this patch from MOS to windows and
than windows to linux Box.