dcsimg

Database Security and Patches - Part 2 - Page 2

November 22, 2005

Sorting out patches and patchsets

Unlike the base version of each Oracle product (available at Oracle Technology Network), virtually all patches are obtainable only via MetaLink. Access to MetaLink requires a support contract, so if you are on your own (i.e., student, learning Oracle on your own, etc.), your access to patches for a product are quite limited. HTML DB is an example of where Oracle has released a patch outside of MetaLink, but with respect to the RDBMS product, you can pretty much count on the requirement to have access to MetaLink.

Once you are in MetaLink, what do you look for? It helps to know the patch number ahead of time because you can search by number instead of by product. One semantics-related concept that helps in your search is understanding Oracle's terminology. As an analogy (in most cases), when someone refers to a database, there is not a distinction between database and instance, and as we all know, sometimes the distinction is important. With respect to a patch, more often than not we really mean patchset. If we want to turn a 9.2.0.1 software installation into a 9.2.0.7 version, we have to apply a patchset.

Additionally, since the base releases tend to start off with a one, the "7" in "9.2.0.7" means patchset 6. And to be precise, not every patchset upgrades the version release. Patchsets, by definition, are cumulative fixes of other problems. As a general rule of thumb, you can almost always safely or routinely apply a "family" patchset, but other patchsets (and patches) should be applied only when certain conditions are met in your particular environment. Of course, it does not help that Oracle refers to patches and patchsets by patch number (see the left column in the pictures below).

How does Oracle view a patchset?

Patch sets are a mechanism for delivering fully tested and integrated product fixes. Patch sets provide bug fixes only; they do not include new functionality and they do not require certification on the target system.

Patch sets include all of the libraries that have been rebuilt to implement the bug fixes in the set. All of the fixes in the patch set have been tested and are certified to work with each other. Because patch sets include only low impact fixes, you are not required to certify applications or tools against the server unless directed to by the operating system vendor.

Patch sets are cumulative. Patch set release 9.2.0.7 includes all fixes in patch sets 9.2.0.7 and earlier as well as new fixes for patch set 9.2.0.7. This means that unless the patch set documentation indicates otherwise, you can apply this patch set to any earlier release 9.2 installation. You do not have to install intermediate patch sets.

Patch sets contain generic fixes that apply to all platforms. Patch sets may also include additional platform-specific patches.

Oracle's definition of a patch set

Click for larger image

A sample listing of patchsets for Oracle9i.

Click for larger image

A sample listing of patches for Oracle9i.

The table below summarizes how Oracle software is released.

Category

Source

Example

Base release

OTN

Oracle 9.2.0.1

Patchset

MetaLink

Patchset 9.2.0.7

Patch

MetaLink

Patch 4159795

Installing patchset 9.2.0.7

Selecting the link for 4163445 shows the following:


Patchset 4163445 Information Page


Start of the README for 4163445

Downloading the "patch" file requires no explanation, and uncompression or extraction of the file can generally be done anywhere except under ORACLE_HOME. For this patchset, the instructions direct you to use a newer version of Oracle Universal Installer (version 10.1.0.4, to be precise). The newer version of OUI comes bundled with the patchset, so phase one (use OUI to upgrade OUI) applies here. Other considerations include upgrading standby databases, clearing statistics out of the SYS schema (shouldn't be there anyway, right?), and checking for post-release updates.

Before actually starting OUI, some preliminary steps include:

  • Download and uncompress p4163445_9207_WINNT.zip
  • Shutdown all database instances
  • Stop all processes
  • Take a backup
  • Decide to install the patchset interactively or non-interactively

An interactive session is nothing more than responding to OUI. A noninteractive session uses a response file. Since this example uses the interactive mode, we have to start OUI using setup.exe in the folder where the ZIP file was extracted. The target or source file, products.xml, is in the stage folder.

Run setup.exe and update the path and name of your Oracle 9.2 installation.

The installation process is straightforward, and the installation successful message at the end is a good sign.








The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers