=============================== Interim Patch for Bug: 27197885 =============================== Date: Jan 04, 2018 --------------------------------- Platform Patch for : Microsoft Windows x64 (64-bit) Product Patched : Oracle HTTP Server Product Version : 11.1.1.7.0 This document describes how to install the interim patch for bug # 27197885 . It includes the following sections: Section 1, "Zero Downtime Patching" Section 2, "Prerequisites" Section 3, "Pre-Installation Instructions" Section 4, "Installation Instructions" Section 5, "Post-Installation Instructions" Section 6, "Deinstallation Instructions" Section 7, "Post Deinstallation Instructions" Section 8, "Bugs Fixed by This Patch" 1. Zero Downtime Patching ------------------------- This patch has been marked as eligible for Zero Downtime Patching. The type of Zero Downtime Patching supported by this patch is FMW_PRODUCTION_REDEPLOY. With Zero Downtime Patching, a Patch can be applied to a system in a manner that does not incur any downtime. This ensures that the system can remain available and functioning during the patching process. Certain pre-requisites, however, must be met before the patch can be applied. For more information, consult the My Oracle Support MOS Note: 1942159.1 2. Prerequisites ---------------- Ensure that you meet the following requirements before you install or deinstall the patch: 1. Before applying the non-mandatory patches, ensure that you have the exact symptoms described in the bug. 2. Review and download the latest version of OPatch 11.1.x via Bug 6880880. (OPatch version 11.1.0.9.0 or higher) Patch : p6880880_111000_.zip a. Oracle recommends that all customers be on the latest version of OPatch. Review the My Oracle Support note 224346.1, and follow the instructions to update to the latest version if needed. Click the following link to view the note: Note 224346.1 - Opatch - Where Can I Find the Latest Version of Opatch? https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=224346.1 b. For FMW Opatch usage, refer to the document at: http://download.oracle.com/docs/cd/E21764_01/doc.1111/e16793/opatch.htm 3. Verify the OUI Inventory. OPatch needs access to a valid OUI inventory to apply patches. Note: This needs the ORACLE_HOME to be set(refer section "2. Pre-Installation Instructions") prior to run the below commands: Validate the OUI inventory with the following commands: $ opatch lsinventory If the command errors out, contact Oracle Support and work to validate and verify the inventory setup before proceeding. 4. Confirm the executables appear in your system PATH. The patching process will use the unzip and the OPatch executables. After setting the ORACLE_HOME environment, confirm if the following executables exist, before proceeding to the next step: - which opatch - which unzip If either of these executables do not show in the PATH, correct the problem before proceeding. 5. Create a location for storing the unzipped patch. This location will be referred to later in the document as PATCH_TOP. 3. Pre-Installation Instructions -------------------------------- Note: OHS may be installed in different Oracle homes depending on your installation. Reference My Oracle Support Doc ID: 1591483.1 - "What is Installed in My Middleware or Oracle home?" 1. Set the ORACLE_HOME environment variable to where OHS is installed, e.g. [MW_HOME]/Oracle_WT1, [MW_HOME]/Oracle_FRHome1, or [MW_HOME]/Oracle_IDM1 2. Stop all servers (Admin Server and all Managed Server(s)). 3. Stop all opmn, OHS services. 4. Edit ssl.conf and remove SSLv2 protocol, since it is no longer supported. Edit ssl.conf and remove ciphers with key strength < 96 bit Save ssl.conf and exit. 4. Installation Instructions ---------------------------- Note: OPatch commands should be run with -jre option. Make sure the JDK version you use is the certified version for your product. e.g. opatch apply -jre $ORACLE_HOME/jdk/jre or opatch rollback -id -jre $ORACLE_HOME/jdk/jre 1. Unzip the patch zip file into the PATCH_TOP. $ unzip -d PATCH_TOP p27197885_111170_MSWIN-x86-64.zip 2. Set your current directory to the directory where the patch is located. $ cd PATCH_TOP/27197885 3. Run OPatch to apply the patch. $ opatch apply Note: ----- When OPatch starts, it validates the patch and makes sure that there are no conflicts with the software already installed in the ORACLE_HOME. In case of opatch conflict, you will see a warning message similar to the one mentioned below: Interim Patch XXXX has Conflict with patch(es) [ YYYY ] in OH ... Conflict patches: YYYY Patch(es) YYYY conflict with the patch currently being installed (XXXX). If you continue, patch(es) YYYY will be rolled back and the new patch (XXXX) will be installed. If a merge of the new patch (XXXX) and the conflicting patch(es) ( YYYY) is required, contact Oracle Support Services and request a Merged patch. Do you want to proceed? [y|n] n You must stop the patch installation and contact Oracle Support to determine how to proceed. 5. Post-Installation Instructions --------------------------------- 5.1. After applying this patch, configuration is required to secure existing OHS instances. Follow steps from the following document on My Oracle Support: Doc ID 2314658.1 - SSL Configuration Required to Secure Oracle HTTP Server After Applying Security Patch Updates 5.2. Start all opmn, OHS services. 5.3. Start all servers (Admin Server and all Managed Server(s)). 6. Deinstallation Instructions ------------------------------ If you experience any problems after installing this patch, remove the patch as follows: 1. Make sure to follow the same Prerequisites or pre-install steps (if any) when deinstalling a patch. This includes setting up any environment variables like ORACLE_HOME and verifying the OUI inventory before deinstalling. 2. Change to the directory where the patch was unzipped. $ cd PATCH_TOP/27197885 3. Run OPatch to deinstall the patch. $ opatch rollback -id 27197885 7. Post Deinstallation Instructions ----------------------------------- 1. Restart all opmn, OHS services. 2. Restart all servers (Admin Server and all Managed Server(s)). 8. Bugs Fixed by This Patch --------------------------- 16456553:FIX FOR BUG 16456553 17165063:FIX FOR BUG 17165063 17232193:FIX FOR BUG 17232193 17232255:FIX FOR BUG 17232255 17232750:FIX FOR BUG 17232750 17250040:FIX FOR BUG 17250040 17312011:FIX FOR BUG 17312011 17312028:FIX FOR BUG 17312028 17312060:FIX FOR BUG 17312060 17312075:FIX FOR BUG 17312075 17381536:FIX FOR BUG 17381536 19288606:FIX FOR BUG 19288606 19319912:FIX FOR BUG 19319912 19320318:FIX FOR BUG 19320318 19320346:FIX FOR BUG 19320346 19320420:FIX FOR BUG 19320420 19320493:FIX FOR BUG 19320493 19427272:FIX FOR BUG 19427272 19427597:FIX FOR BUG 19427597 19436186:FIX FOR BUG 19436186 19438407:FIX FOR BUG 19438407 19647609:FIX FOR BUG 19647609 19304888:FIX FOR BUG 19304888 20900385:FIX FOR BUG 20900385 21305938:FIX FOR BUG 21305938 24567879:FIX FOR BUG 24567879 26667970:BACKPORT IS RE DONE. FOR THE FIX 26318780 14384319:OHS IS NOT PASSING SSL_CLIENT_S_DN_CN VARIABLE. 16697095:12C:CONSISTENT OHS CRASH WHEN CONNECTING OVER SSL 17905017:DMS SHM FILE SHOULD BE REPLACED WITH SHARED MEMORY FOR PERFORMANCE 25191174:FIX FOR BUG 25191174 26837992:FIX FOR BUG 26837992 ----------------------------------------------------------------------------- DISCLAIMER: This interim patch has only undergone basic unit testing, and has not been through a complete test cycle generally followed for a production patch set. Though the fixes in this document rectifies the bug, Oracle Corporation will not be responsible for other issues that may arise due to these fixes. Oracle Corporation recommends to later upgrade to the next production patch set, when available. Applying this patch could overwrite other interim patches applied since the last patch set. Customers need to make a request to Oracle Support for a patch that includes those fixes, as well as inform Oracle Support about all the patches installed when a Service Request is opened. Please download, test, and provide feedback as soon as possible to assist in the timely resolution of this problem. Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -----------------------------------------------------------------------------