icetray - Fotolia
This is the second part of a two-part article. To start at the beginning, click here.
Only two sources, Patchsets.sh and Patch Wizard provide a comparison between what Oracle recommends for your environment and what is actually in your environment. However, Patchsets.sh only lists patches that increase the code level. Patch Wizard lists all recommended and high-priority patches from all sources.
Patch Wizard gives you the choice to use one of its filters to find your patches, or specify a specific patch or list of patches to look for. You need to have the file InfoBundle12.zip already in the staging directory, or you have to specify the My Oracle Support (MOS) credentials in order for Patch Wizard to work. If you haven't done either, the process will end in error.
Patch Wizard works best if your database administrator (DBA) will allow your instance to connect to Oracle to download the latest InfoBundleR12.zip file and recommended patches. The connection will not only allow you to download the recommended patch list. However, if the analysis discovers missing prerequisites, these prerequisites will also download. Patch Wizard can also be run in offline mode. How to accomplish this is described in MOS note 741129.1: How to Use Patch Wizard Without Setting Up Internet Connection. Alternatively, the DBA can schedule a full recommendation every morning, which downloads the file.
In the Patch Wizard, click the Recommend/Analyze Patches icon in the task column and select your filter. Click Analyze Aggregate Patch Impact to get an impact study of all the patches merged together. Leave the box next to In Use Products Only checked (Figure 1).
The results screen for Patch Wizard 12.1.3 (Figure 2) and 12.2.3 (Figure 3) look different. With the latest patch, 12.1.3 added the Applied Indirectly column. This screen refers to patches that, while they are not in ad_applied_patches or ad_bugs, have all their files at the current file level or a lower file level.
12.2.3 does not have the Applied Indirectly column. Instead it has the Pending Cutover column. Patches applied as part of no downtime patching -- but where the DBA has not run the final step of cutting over the patched instance -- appear in this column. Patches with this status do not have to be added to any merged patch.
Regardless of the release, click the blue box in the Details column to see what patches it recommends and what files will be impacted by each patch.
The list shows the type of patch, the application, the description and whether prerequisites are required. To see the impact of a specific patch, click the impact link. Patches included as part of other patches will not be listed initially. However, the list can be expanded.
The top section lists the total files in the patch and the number and percentage that would actually be installed. That percentage will be the first indication of the amount of effort it will take to test the patch. Next, click the File Types Installed link. This lists all the file types in the patch. You can also click Menu Navigation Trees Affected to see the menu paths needed to test form changes. Unfortunately, it will only show form changes.
The breakdown by file type will drilldown to individual files. Excluding the .fmb files, Patch Wizard does not provide any aides to determine what changed or how to test the changes. Add your comments to ER 9703046 so Oracle can prioritize how to improve this area.
The OAUG paper database contains a paper, “Patch Wizard for the Masses: An APEX Version of the Patch Impact Analysis Reports,” which also helps with the issue of determining what the patch impacted and how to determine what needs to be tested.
After analyzing the recommendations, Patch Wizard can create an aggregated or merged patch. However, this is a task normally carried out from the operating system by a DBA, and will not be covered here.
In October 2014, Oracle released patches for a grand total of 154 flaws
With less than a year until Oracle stops issuing security patches for EBS R11i, many are thinking about upgrading
Heartbleed demonstrates patching issues for anything not covered in standard enterprise-patching processes