Re: Patch Question

From: Michael Austin <>
Date: Sat, 07 Jun 2008 21:31:41 -0500
Message-ID: <OuH2k.4595$>

joel garry wrote:
> On Jun 6, 1:17 pm, Mtek <> wrote:

>> On Jun 6, 3:08 pm, "" <> wrote:
>>> On Jun 6, 2:57 pm, Mtek <> wrote:
>>>> Hi,
>>>> We want to apply some Oracle.  We have not done this in nearly 9
>>>> months or so.  Anyhow, here is our environment:
>>>> Oracle
>>>> Linux Red Hat Enterprise x86-64
>>>> It returned 64 patched.  None were recommended......
>>>> So, does that mean that we really do not need to install any???
>>>> Thank you!
>>>> John
>>> I know of at least ONE patchset you should be applying, and that is
>>> (or, if it's been released for RHEL).
>>> David Fitzjarrell
>> Why not apply all the 64 patches for, or is the idea is to
>> move to to upgrade the version.....

> The patches are cumulative. In general, you want to be on or testing
> the latest patch set. It is not considered an upgrade because...
> well, that is explained in the docs that come with or can be obtained
> separately from the patch. You should read them!
> "Patch sets are a mechanism for delivering fully tested and integrated
> product fixes. Patch sets provide bug fixes only; they do not include
> new functionality and they do not require certification on the target
> system.
> Patch sets include all of the libraries that have been rebuilt to
> implement the bug fixes in the set. All of the fixes in the patch set
> have been tested and are certified to work with each other. Because
> the patch set includes only low impact patches, it does not require
> you to certify applications or tools against the server."
> But you should be interested in the bugs that are fixed.
> Some patch sets do contain backported new functionality, regardless of
> the boilerplate. Of course, the distinction between bug and doing it
> different may be blurry.
> jg
> --
> is bogus.

I would modify this slightly from:
"Patch sets provide bug fixes only; they do not include new functionality and they do not require certification on the target system."

"Patch sets generally provide bug fixes; they do not always include new functionality and they may not or may not require certification on the target system."

Oracle does occasionally sneak in new functionality - like starting with 1Q2008 CPU patch, they started including SCM - the "phone-home" software linked with Metalink. It is not configured, but it is installed. Also, the way the patch sets installed started using "molecules" Major Patch# with many sub-patches - requiring a new version of OPatch to be installed in order to execute it.

They also changed executable permissions on UNIX servers starting with They did provide a script to set them to "wide-open", but this is a case of a major change that affected a lot of systems due to previously poorly designed security.

Personally, I miss the security mechanisms found in the formerly DEC/COMPAQ now HP OpenVMS. It was light years ahead of the Unix model. And the cluster technology actually worked :) Received on Sat Jun 07 2008 - 21:31:41 CDT

Original text of this message