Patching all my environments with the October 2020 Patch Bundles

I have to confess: Time didn’t allow to rearrange my lab yet to have GI and ASM. Hence, this will be another blog post about Patching all my environments with the October 2020 Patch Bundles with only non-RAC patching. But it is in the works …

As usual, an important annotation upfront: I patch in-place due to space issues. But in reality, you please patch always out-of-place with a separate home. Please see this blog post about how to apply the RU directly when you provision a new home with OUI.

Security Alert October 2020

You can find the Security Alert for the October 2020 listing all affected platforms and products. And of course, I look for Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c. From here you’ll be guided to the Risk Matrix.

It lists 28 new security patches for Oracle Database Products divided as follows:

  • 18 new security patches for Oracle Database Products
  • 1 new security patch for Oracle Big Data Graph
  • 5 new security patches for Oracle REST Data Services
  • 4 new security patches for Oracle TimesTen In-Memory Database

This is quite a similar number as in the July 2020 risk matrix.

I’m adding only a screenshot for CVEs with risk score > 6.0 here. Please access the Risk Matrix to check all of the listed fixes.

Patching all my environments with the October 2020 Patch Bundles

Risk Matrix – October 2020 – only Base Score’s > 6.0 shown here

But regardless of what’s included, you should apply the RUs anyway as there are a lot more fixes in it.

Database Patch Bundles

You will find the links to the database patches in MOS Note: 2694898.1 – Critical Patch Update (CPU) Program Oct 2020 Patch Availability Document (PAD). In my case, this is the list of bundles:

  • Oracle Database 19c
  • Oracle Database 12.2.0.1
  • Oracle Database 11.2.0.4

Unfortunately, as usual MOS Note: 2118136.2 – Assistant: Download Reference for Oracle Database/GI Update, Revision, PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases hasn’t been updated yet with the links for the October bundles by the time I write this.

Do I need a new OPatch?

First check while the download is progressing: Do I need to refresh my OPatch versions?

  • 19.9.0 requires opatch 12.2.0.1.19 or later (I seriously doubt that as the July required 21 already – I guess this is one of the common copy&paste errors – I won’t verify this but rather use the opatch from the previous July cycle)
  • 12.2.0.1 requires opatch 12.2.0.1.21 or later (same as in July)
  • 11.2.0.4 requires opatch 11.2.0.3.23 or later (same as in July)

Actually, the 21 version for 12.2.0.1, 18c and 19c is the newest available version on MOS anyways. You can download OPatch via: 6880880. I could wipe out my current OPatch directories in all my three homes. Once the new OPatch bundles would have been unzipped into each home, I could proceed. But this is not needed here in my case.

Applying RU 19.9.0 to my 19c home

At first, I unzip the patch into a separate directory and place myself into this directory ~/31741641 .

  1. opatch conflict check
    $ cd 31771877/
    [CDB2] oracle@hol:~/31771877
    $ $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./
    Oracle Interim Patch Installer version 12.2.0.1.21
    Copyright (c) 2020, Oracle Corporation.  All rights reserved.
    
    PREREQ session
    
    Oracle Home       : /u01/app/oracle/product/19
    Central Inventory : /u01/app/oraInventory
       from           : /u01/app/oracle/product/19/oraInst.loc
    OPatch version    : 12.2.0.1.21
    OUI version       : 12.2.0.7.0
    Log file location : /u01/app/oracle/product/19/cfgtoollogs/opatch/opatch2020-10-21_11-40-19AM_1.log
    
    Invoking prereq "checkconflictagainstohwithdetail"
    
    Prereq "checkConflictAgainstOHWithDetail" passed.
    
    OPatch succeeded.
    [CDB2] oracle@hol:~/31771877
  2. opatch apply
    $ $ORACLE_HOME/OPatch/opatch apply
    Oracle Interim Patch Installer version 12.2.0.1.21
    Copyright (c) 2020, Oracle Corporation.  All rights reserved.
    
    
    Oracle Home       : /u01/app/oracle/product/19
    Central Inventory : /u01/app/oraInventory
       from           : /u01/app/oracle/product/19/oraInst.loc
    OPatch version    : 12.2.0.1.21
    OUI version       : 12.2.0.7.0
    Log file location : /u01/app/oracle/product/19/cfgtoollogs/opatch/opatch2020-10-21_11-42-01AM_1.log
    
    Verifying environment and performing prerequisite checks...
    
    --------------------------------------------------------------------------------
    Start OOP by Prereq process.
    Launch OOP...
    
    Oracle Interim Patch Installer version 12.2.0.1.21
    Copyright (c) 2020, Oracle Corporation.  All rights reserved.
    
    
    Oracle Home       : /u01/app/oracle/product/19
    Central Inventory : /u01/app/oraInventory
       from           : /u01/app/oracle/product/19/oraInst.loc
    OPatch version    : 12.2.0.1.21
    OUI version       : 12.2.0.7.0
    Log file location : /u01/app/oracle/product/19/cfgtoollogs/opatch/opatch2020-10-21_11-42-54AM_1.log
    
    Verifying environment and performing prerequisite checks...
    OPatch continues with these patches:   31771877  
    
    Do you want to proceed? [y|n]
    y
    User Responded with: Y
    All checks passed.
    
    Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
    (Oracle Home = '/u01/app/oracle/product/19')
    
    
    Is the local system ready for patching? [y|n]
    y
    User Responded with: Y
    Backing up files...
    Applying interim patch '31771877' to OH '/u01/app/oracle/product/19'
    ApplySession: Optional component(s) [ oracle.network.gsm, 19.0.0.0.0 ] , [ oracle.rdbms.ic, 19.0.0.0.0 ] , [ oracle.rdbms.tg4db2, 19.0.0.0.0 ] , [ oracle.tfa, 19.0.0.0.0 ] , [ oracle.options.olap.awm, 19.0.0.0.0 ] , [ oracle.net.cman, 19.0.0.0.0 ] , [ oracle.xdk.companion, 19.0.0.0.0 ] , [ oracle.oraolap.mgmt, 19.0.0.0.0 ] , [ oracle.network.cman, 19.0.0.0.0 ] , [ oracle.options.olap, 19.0.0.0.0 ] , [ oracle.assistants.usm, 19.0.0.0.0 ] , [ oracle.assistants.asm, 19.0.0.0.0 ] , [ oracle.sqlj, 19.0.0.0.0 ] , [ oracle.jdk, 1.8.0.191.0 ]  not present in the Oracle Home or a higher version is found.
    
    Patching component oracle.rdbms.rsf, 19.0.0.0.0...
    
    Patching component oracle.rdbms, 19.0.0.0.0...
    
    Patching component oracle.rdbms.util, 19.0.0.0.0...
    
    Patching component oracle.assistants.acf, 19.0.0.0.0...
    
    Patching component oracle.assistants.deconfig, 19.0.0.0.0...
    
    Patching component oracle.assistants.server, 19.0.0.0.0...
    
    Patching component oracle.buildtools.rsf, 19.0.0.0.0...
    
    Patching component oracle.ctx, 19.0.0.0.0...
    
    Patching component oracle.dbjava.ic, 19.0.0.0.0...
    
    ...
    
    Patching component oracle.dbdev, 19.0.0.0.0...
    
    Patching component oracle.rdbms.install.common, 19.0.0.0.0...
    
    Patching component oracle.sdo.locator, 19.0.0.0.0...
    
    Patching component oracle.duma, 19.0.0.0.0...
    
    Patching component oracle.sqlplus.ic, 19.0.0.0.0...
    
    Patching component oracle.xdk.rsf, 19.0.0.0.0...
    
    Patching component oracle.xdk.parser.java, 19.0.0.0.0...
    
    Patching component oracle.rdbms.rsf.ic, 19.0.0.0.0...
    
    Patching component oracle.precomp.common, 19.0.0.0.0...
    
    Patching component oracle.precomp.lang, 19.0.0.0.0...
    
    Patching component oracle.jdk, 1.8.0.201.0...
    Patch 31771877 successfully applied.
    Sub-set patch [31281355] has become inactive due to the application of a super-set patch [31771877].
    Please refer to Doc ID 2161861.1 for any possible further required actions.
    Log file location: /u01/app/oracle/product/19/cfgtoollogs/opatch/opatch2020-10-21_11-42-54AM_1.log
    
    OPatch succeeded.
  3. datapatch
    As final action, I will start my database and all pluggable databases again. The next step, datapatch, requires my databases and PDBs to be open.

    SQL*Plus: Release 19.0.0.0.0 - Production on Wed Oct 21 11:52:07 2020
    Version 19.9.0.0.0
    
    Copyright (c) 1982, 2020, Oracle.  All rights reserved.
    
    Connected to an idle instance.
    
    SQL> startup
    ORACLE instance started.
    
    Total System Global Area 1577055360 bytes
    Fixed Size		    9135232 bytes
    Variable Size		  402653184 bytes
    Database Buffers	 1157627904 bytes
    Redo Buffers		    7639040 bytes
    Database mounted.
    Database opened.
    SQL> alter pluggable database all open;
    
    Pluggable database altered.
    
    SQL> exit
    Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    Version 19.9.0.0.0
    [CDB2] oracle@hol:~/31771877
    $ $ORACLE_HOME/OPatch/datapatch -verbose
    SQL Patching tool version 19.9.0.0.0 Production on Wed Oct 21 11:52:34 2020
    Copyright (c) 2012, 2020, Oracle.  All rights reserved.
    
    Log file for this invocation: /u01/app/oracle/cfgtoollogs/sqlpatch/sqlpatch_15467_2020_10_21_11_52_34/sqlpatch_invocation.log
    
    Connecting to database...OK
    Gathering database info...done
    
    Note:  Datapatch will only apply or rollback SQL fixes for PDBs
           that are in an open state, no patches will be applied to closed PDBs.
           Please refer to Note: Datapatch: Database 12c Post Patch SQL Automation
           (Doc ID 1585822.1)
    
    Bootstrapping registry and package to current versions...done
    Determining current state...done
    
    Current state of interim SQL patches:
      No interim patches found
    
    Current state of release update SQL patches:
      Binary registry:
        19.9.0.0.0 Release_Update 200930183249: Installed
      PDB CDB$ROOT:
        Applied 19.8.0.0.0 Release_Update 200703031501 successfully on 15-JUL-20 10.29.43.549256 AM
      PDB PDB$SEED:
        Applied 19.8.0.0.0 Release_Update 200703031501 successfully on 15-JUL-20 10.29.44.668492 AM
    
    Adding patches to installation queue and performing prereq checks...done
    Installation queue:
      For the following PDBs: CDB$ROOT PDB$SEED
        No interim patches need to be rolled back
        Patch 31771877 (Database Release Update : 19.9.0.0.201020 (31771877)):
          Apply from 19.8.0.0.0 Release_Update 200703031501 to 19.9.0.0.0 Release_Update 200930183249
        No interim patches need to be applied
    
    Installing patches...
    Patch installation complete.  Total patches installed: 2
    
    Validating logfiles...done
    Patch 31771877 apply (pdb CDB$ROOT): SUCCESS
      logfile: /u01/app/oracle/cfgtoollogs/sqlpatch/31771877/23869227/31771877_apply_CDB2_CDBROOT_2020Oct21_11_55_46.log (no errors)
    Patch 31771877 apply (pdb PDB$SEED): SUCCESS
      logfile: /u01/app/oracle/cfgtoollogs/sqlpatch/31771877/23869227/31771877_apply_CDB2_PDBSEED_2020Oct21_11_56_21.log (no errors)
    SQL Patching tool complete on Wed Oct 21 11:56:39 2020

Everything looks good.

Applying RU 12.2.0.1.201020 to my 12.2.0.1 home

I won’t copy/paste all steps as the output is similar to the above.

  1. opatch conflict check
    $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./
  2. opatch apply
    $ORACLE_HOME/OPatch/opatch apply

    Then I will need to startup my databases and all PDBs.

  3. datapatch -verbose
    Final steps is “datapatch”. It requires the databases and all its PDBs to be up and running.

    $ORACLE_HOME/OPatch/datapatch -verbose

     

Applying PSU 11.2.0.4.201020 to my Oracle 11.2 home

For Oracle 11.2 I can only take the PSU. Bundle patches (BP) in Oracle 11.2 were only meant for Exadata systems. But the path to apply them is the same as for later bundles.

Again, I won’t copy/paste all steps as the output is similar to the above.

  1. opatch conflict check
    $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./
  2. opatch apply
    $ORACLE_HOME/OPatch/opatch apply

    Then I will need to startup my databases (FTEX and UPGR).

  3. catbundle.sql
    Final steps is “catbudle.sql”. It requires the databases to be up and running.

    cd $ORACLE_HOME/rdbms/admin
    sqlplus / as sysdba
    @?/rdbms/admin/catbundle.sql psu apply

Everything fine now. No major issues seen. But as you know, my environment is simple and doesn’t include RAC or standbys.

Additional Tools and Cleanup

At this point, it is always time for me to check whether there are newer versions of AutoUpgrade, preupgrade.jar and SQL Developer available. Please note that of course I’m doing no upgrade here but still want the most recent versions of these (at least for my daily work) essential tools on disk.

  • AutoUpgrade
    As there is a new AutoUpgrade 19.9.2 available via MOS Note: 2485457.1 – AutoUpgrade Tool, I apply this right away to my home as well. And of course, if you have no intention to do any database upgrade on this host, you can safely skip this step.

    $ cp /media/sf_TEMP/Oct2020/autoupgrade1992/autoupgrade.jar $OH19/rdbms/admin
    
    $ java -jar autoupgrade.jar -version
    build.hash bf4ccd4
    build.version 19.9.2
    build.date 2020/08/31 13:47:51
    build.max_target_version 19
    build.supported_target_versions 12.2,18,19
    build.type production
  • opatch util cleanup
    As somebody asked me the other day about whether it is ok to remove the directory where the patch has been unziped into? Yes, of course, this is ok. The information which is necessary to rollback the patch is kept in .patch_storage. And you can cleanup a little bit of it with “opatch util cleanup” – but be aware to be on a newer version of opatch.

    $ $ORACLE_HOME/OPatch/opatch util cleanup
    Oracle Interim Patch Installer version 12.2.0.1.21
    Copyright (c) 2020, Oracle Corporation.  All rights reserved.
    
    
    Oracle Home       : /u01/app/oracle/product/19
    Central Inventory : /u01/app/oraInventory
       from           : /u01/app/oracle/product/19/oraInst.loc
    OPatch version    : 12.2.0.1.21
    OUI version       : 12.2.0.7.0
    Log file location : /u01/app/oracle/product/19/cfgtoollogs/opatch/opatch2020-10-21_12-02-44PM_1.log
    
    Invoking utility "cleanup"
    OPatch will clean up 'restore.sh,make.txt' files and 'scratch,backup' directories.
    You will be still able to rollback patches after this cleanup.
    Do you want to proceed? [y|n]
    y
    User Responded with: Y
    
    Backup area for restore has been cleaned up. For a complete list of files/directories
    deleted, Please refer log file.
    
    OPatch succeeded.

    Don’t expect miracles please. And repeat this for all your homes.

  • SQL Developer and SQLcliThis is the download location for both, SQL Developer and SQLcli for the new current 20.2 versions.

But my Patch Bundle isn’t there!

By the time I write this blog post, a lot of the bundles aren’t available yet. For instance, the 19.9.0 RU was available for Linux and AIX only on Oct 21, 2020. Please check out this section of MOS Note: 2694898.1.

Patching all my environments with the October 2020 Patch Bundles

Section 2.2 Post Release Patches – MOS Note: 2694898.1

You will quickly spot that – with some exceptions – almost all patch bundles may be available not earlier than 10 days after the actual quarterly patching date. Don’t shoot the messenger please!

And please be aware that the patch numbers are already there for all patch bundles. But for instance, if you try to download Microsoft Windows 32-Bit and x86-64 BP 19.9.0.0.201020 Patch 31719903, you will receive this:

This simply means “Patch is not there yet”. Of course, in an ideal world, MOS would tell you that the patch is not there yet and supposed to be available on day X.Y.Z. Well …

Further Links and Information

–Mike

Share this: