--latestPSU and --reccomendetPatches don't apply ovl (overlay patches)
Nico-DB opened this issue · 8 comments
According to the Oracle support page there is a new overlay patch (32097167) for patch 31960985 due to Security Alert CVE-2020-14750 (https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=195985364792630&id=2724951.1&_afrWindowMode=0&_adf.ctrl-state=y62m2azcx_4).
Unfortunately when creating a new image with the options "--latestPSU --recommendedPatches" the patch is not recognised. Only the following patches are applied (03.11.2020 08:13:29):
[INFO ] Oracle WebLogic Server - locating latest recommended patches...
1399 | [INFO ] Oracle WebLogic Server - found recommended patch 31960985 WLS PATCH SET UPDATE 12.2.1.4.201001
1400 | [INFO ] Oracle WebLogic Server - found recommended patch 31544353 ADR FOR WEBLOGIC SERVER 12.2.1.4.0 JULY CPU 2020
1401 | [INFO ] Oracle WebLogic Server - found recommended patch 31384959 WEBLOGIC SAMPLES SPU 12.2.1.4.200714
1402 | [INFO ] Oracle Coherence - locating latest recommended patches...
1403 | [INFO ] Oracle Coherence - found recommended patch 31806259 Coherence 12.2.1.4.6 Cumulative Patch using OPatch
1404 | [INFO ] The recommended ADR patch was skipped for the WLS installer, use --patch 31544353 to apply this patch
1405 | [INFO ] Validating patches
1406 | [INFO ] Validated patch 31960985 for Oracle WebLogic Server 12.2.1.4.0
1407 | [INFO ] Validated patch 31384959 for Oracle WebLogic Server 12.2.1.4.0
1408 | [INFO ] Validated patch 31806259 for Oracle Coherence 12.2.1.4.0
1409 | [INFO ] No patch conflicts detected
1410 | [INFO ] Could not find key 31960985_12.2.1.4.0 in the cache for patch 31960985
1411 | [INFO ] Downloading patch 31960985...
1412 | [INFO ] Adding patch 31960985_12.2.1.4.0 to cache, path=/root/cache/p31960985_122140_Generic.zip
1413 | [INFO ] Could not find key 31384959_12.2.1.4.0 in the cache for patch 31384959
1414 | [INFO ] Downloading patch 31384959...
1415 | [INFO ] Adding patch 31384959_12.2.1.4.0 to cache, path=/root/cache/p31384959_122140_Generic.zip
1416 | [INFO ] Could not find key 31806259_12.2.1.4.0 in the cache for patch 31806259
1417 | [INFO ] Downloading patch 31806259...
1418 | [INFO ] Adding patch 31806259_12.2.1.4.0 to cache, path=/root/cache/p31806259_122140_Generic.zip
1419 | [INFO ] Requesting patch information for patch 28186730
1420 | [INFO ] Could not find key 28186730_13.9.4.2.4 in the cache for patch 28186730
1421 | [INFO ] Downloading patch 28186730...
1422 | [INFO ] Adding patch 28186730_13.9.4.2.4 to cache, path=/root/cache/p28186730_139424_Generic.zip
In my opinion this is a bug, since it should have been applied since it is clearly a recommended patch (criticality 9.8/10).
Thanks, from the standard support.oracle.com search for recommended patches 12.2.1.4.0, I don't see the recent overlay patch returned, we will take a look what's the recommended patches and subsequent overlay patches are return from the support system.
@Nico-DB The Image Tool recommended patches are obtained from Oracle's patch system. Until that database is updated, Image Tool will not see the overlay. I sent an email to that team and will post back when I know more.
In the meantime, you should combine --recommendPatches with --patches 31960985 to get the complete installation that you need.
According to the team that maintains the PSU's, overlays, etc., the Overlay patches are not included in "Recommended Patches". The PSU and security (SPU) patches are included, but not overlays.
@ddsharpe What does that mean exactly? I still need to apply all critical/ovl patches by myself?
Shouldn't especially these patches are categorised as recommended?
Further if this will not be changed. Is there a possibility to implement something that also searches for ovl patches which I can define with something similar to "--ApplyOverlayPatches?
I agree it would be great to have those critical security overlay patches marked as recommended. Those patches will be needed on all Enterprise installations.
Yes we agree with you and are working with the team to make Security Alert patches recommended, it is irrelevant if it is a patch or a overlay patch.
Thanks
Monica
Thanks Monica. Sounds great!
Thank you very much Monica.