README NAME: Recommended OS Cluster Solaris 10 x86 DATE: 2011.04.27 INTENT: ------- NOTE: From 2010.06.01 the patch inclusion criteria for the Recommended Cluster have changed. Previously the Recommended Cluster included the latest revision of any Solaris Operating System patch that addresses a Sun Alert issue. The Recommended Cluster content is now based on the 2010.05.31 Recommended Cluster (the final patch cluster from prior to this change), and going forward will be updated according to the new patch inclusion criteria given below. For further information about this change, please see: http://blogs.sun.com/patch/entry/merging_the_solaris_recommended_and The Recommended OS Cluster Solaris 10 x86 provides the minimum set of patches needed to address security and Sun Alert issues for Solaris 10 for x86. The patches contained in this patch cluster are considered the most important and highly recommended patches for Solaris 10. They provide the least amount of change required to address known security, data corruption and availability issues. The Recommended Cluster comprises: 1. The latest revision of the patch and package utility patches that ensure correct patching operations. 2. The minimum revision of Solaris Operating System patches which address security and Sun Alert (data corruption and availability) issues. 3. Any patch that is required to correctly install the above patches. When new patches are released that meet the above criteria, the patch cluster is updated. If a patch is withdrawn from release due to problems, the patch cluster is also updated. The withdrawn patches are removed from the patch cluster. As the patch cluster contains the minimum revision (as opposed to the latest available revision) of patches which address security and Sun Alert issues, the patch cluster is likely to contain some obsoleted patches. This is deliberate and not a cause for concern. The patch cluster can be installed to a system running Solaris 10 3/05 ("FCS") or a later Solaris 10 Update release. Depending on the current patch level of the target system, installation of the patch cluster can involve applying a number of complex Solaris 10 patches. These complex patches may require the user to follow specific install instructions listed in the Special Install Instructions section of the patches' README files, particularly if the patches are applied to the active boot environment of a system. The key issues are also described below in this README file. The matter of applying complex patches is primarily a concern for systems which are running an early Solaris 10 Update release and have not recently been patched. To avoid applying complex patches, and to get full new feature functionality, it is recommended to install or upgrade these systems using the latest Solaris 10 Update release install media. Following an install or upgrade operation, it is recommended to install this patch cluster to ensure the system has all current patches which address security and Sun Alert issues applied, including those patches released after the latest Solaris 10 Update release content was finalised. This README contains important information. Please read this README before installing this patch cluster. PATCH CLUSTER DESCRIPTION: -------------------------- This patch cluster is provided as a single zip file. The zip file is named: 10_x86_Recommended.zip Once the zip file has been downloaded, it may be extracted. For example, to extract this patch cluster in the current working directory, run: # unzip -q 10_x86_Recommended.zip If you experience problems unzipping this patch cluster please refer to MOS article 1020109.1 'Unzip of Solaris 10 Recommended Patch Clusters and Solaris 10 Sun Alert Patch Clusters fails', available from: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1020109.1 ************** ATTENTION ************** If this patch cluster is installed to the active boot environment, then depending on the starting patch level of the system, complete installation of the patch cluster may require up to three installation phases with intervening reboots. For further information, refer to section 'III. Installing this Patch Cluster to the Active Boot Environment' below. If this patch cluster is installed to an inactive boot environment, then the need for multiple reboots and some special instructions can be avoided. *************** PASSCODE ************** The install script will only execute when the passcode specified in the README file is provided as a command line option. This is a safety mechanism to ensure you have read this README. You must follow the Special Install Instructions for key patches such as those highlighted in this README. It is also strongly recommended to read the Special Install Instructions section of the README of patches included in this patch cluster to check for any special install instructions which may apply to your specific system configuration. PASSCODE: s10cluster PATCHES INCLUDED: ----------------- Note that the patch list order below reflects the patch install order. 120901-03 SunOS 5.10_x86: libzonecfg patch 121334-04 SunOS 5.10_x86: zoneadmd, zlogin and zoneadm patch 119255-81 SunOS 5.10_x86: Install and Patch Utilities Patch 119318-01 SunOS 5.10_x86: SVr4 Packaging Commands (usr) Patch 121297-01 SunOS 5.10_x86: fgrep patch 138216-01 SunOS 5.10_x86: sort patch 122035-05 SunOS 5.10_x86: awk nawk Patch 127885-01 SunOS 5.10_x86: awk patch 145045-03 SunOS 5.10_x86: ksh pfksh rksh xargs sh patch 142252-02 SunOS 5.10_x86: sh patch 125556-10 SunOS 5.10_x86: patch behavior patch 140797-01 SunOS 5.10_x86: umountall patch 113000-07 SunOS 5.10_x86: SUNWgrub patch 117435-02 SunOS 5.10_x86: biosdev patch 118344-14 SunOS 5.10_x86: Fault Manager Patch 118668-30 JavaSE 5.0_x86: update 28 patch (equivalent to JDK 5.0u28) 118669-30 JavaSE 5.0_x86: update 28 patch (equivalent to JDK 5.0u28), 64bit 118778-14 Obsoleted by: 118778-15 SunOS 5.10_x86: Sun GigaSwift Ethernet 1.0 driver patch 121182-03 Obsoleted by: 121182-04 Sun Trunking Utility 1.3_x86: maintenance patch 121264-01 SunOS 5.10_x86: cadp160 driver patch 123840-04 SunOS 5.10_x86: Fault Manager Patch 138218-01 SunOS 5.10_x86: svccfg & svcprop patch 140861-02 SunOS 5.10_x86: su patch 121454-02 SunOS 5.10_x86: Sun Update Connection Client Foundation 121119-16 Obsoleted by: 121119-17 SunOS 5.10_x86: Sun Update Connection System Client 1.0.10 118844-20 Obsoleted by: 118844-27 SunOS 5.10_x86: kernel Patch 118855-36 SunOS 5.10_x86: kernel patch 118919-21 SunOS 5.10_x86: Solaris Crypto Framework patch 119060-55 Obsoleted by: 119060-56 X11 6.6.2_x86: Xsun patch 119064-01 SunOS 5.10_x86: libXpm patch 119082-25 SunOS 5.10_x86: CD-ROM Install Boot Image Patch 119116-35 Mozilla 1.7_x86: patch 119118-52 Obsoleted by: 119118-53 Evolution 1.4.6_x86 patch 119131-33 SunOS 5.10_x86: Sun Fibre Channel Device Drivers 119214-23 Obsoleted by: 119214-24 NSS_NSPR_JSS 3.12.6_x86: NSPR 4.8.4 / NSS 3.12.6 / JSS 4.3.2 119247-36 Obsoleted by: 119247-37 SunOS 5.10_x86: Manual Page updates for Solaris 10 124629-12 Obsoleted by: 124629-13 SunOS 5.10_x86: CD-ROM Install Boot Image Patch 119253-32 Obsoleted by: 119253-33 SunOS 5.10_x86: System Administration Applications Patch 123612-05 X11 6.6.2_x86: Trusted Extensions patch 119281-25 CDE 1.6_x86: Runtime library patch for Solaris 10 140900-01 SunOS 5.10_x86: [ir].manifest patch 119314-42 Obsoleted by: 119314-43 SunOS 5.10_x86: WBEM Patch 124189-03 SunOS 5.10_x86: Trusted Solaris Attributes Patch 119316-19 Obsoleted by: 119316-20 SunOS 5.10_x86: Solaris Management Applications Patch 120200-15 Obsoleted by: 120200-16 SunOS 5.10_x86: sysidtool Patch 119535-19 Obsoleted by: 119535-20 SunOS 5.10_x86: Flash Archive Patch 119549-14 GNOME 2.6.0_x86: Gnome Multi-protocol instant messaging client Patch 120273-30 Obsoleted by: 120273-31 SunOS 5.10_x86: SMA patch 122641-06 SunOS 5.10_x86: zfs genesis patch 127756-01 SunOS 5.10_x86: Fault Manager patch 125504-02 SunOS 5.10_x86: package-move-of-IP-objects patch 124205-05 Obsoleted by: 120037-15 SunOS 5.10_x86: zfs patch 122661-08 Obsoleted by: 120012-14 SunOS 5.10_x86: zones patch 125548-02 SunOS 5.10_x86: zoneadm indirect dependency patch 126424-03 SunOS 5.10_x86: bootadm patch 120012-14 SunOS 5.10_x86: kernel patch 139521-02 SunOS 5.10_x86: package specific [ir].manifest removal patch 119758-19 SunOS 5.10_x86: Samba patch 119765-06 SunOS 5.10_x86: ipmitool patch 119784-17 SunOS 5.10_x86: BIND patch 119811-05 Obsoleted by: 119811-06 SunOS 5.10_x86: International Components for Unicode Patch 119813-13 X11 6.6.2_x86: FreeType patch 119901-10 GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing TIFF Patch 119904-02 Openwindows 3.7.3_x86: Xview Patch 119907-16 Obsoleted by: 119907-17 GNOME 2.6.0_x86: Virtual File System Framework patch 119987-03 SunOS 5.10_x86: clri patch 120095-30 Obsoleted by: 120095-31 X11 6.6.2_x86: xscreensaver patch 126411-01 StarOffice 8 (Solaris_x86): ARCH patch to enable install of >= Update 6 120186-22 Obsoleted by: 120186-23 StarOffice 8 (Solaris_x86): Update 17 120202-06 X11 6.8.0_x86: Xorg client libraries patch 120236-01 SunOS 5.10_x86: Live Upgrade Zones Support Patch 120461-17 Obsoleted by: 120461-19 GNOME 2.6.0_x86: Gnome libs Patch 119369-04 Obsoleted by: 119369-05 GNOME 2.6.0_x86: Printing Technology Patch 120287-03 Obsoleted by: 120287-04 GNOME 2.6.0_x86: Gnome text editor Patch 120293-02 Obsoleted by: 120293-03 SunOS 5.10_x86: mysql patch 120330-02 SunOS 5.10_x86: rexec patch 121976-01 CDE 1.6_x86: Xsession patch 120411-33 Obsoleted by: 120411-34 SunOS 5.10_x86: Internet/Intranet Input Method Framework patch 120413-11 Obsoleted by: 120413-12 SunOS 5.10_x86: Simplified Chinese locale patch 120415-27 Obsoleted by: 120415-28 SunOS 5.10_x86: Asian CCK locales patch 120544-22 SunOS 5.10_x86: Apache 2 Patch 120720-02 SunOS 5.10_x86: SunFreeware gzip patch 120740-06 GNOME 2.6.0_x86: GNOME PDF Viewer based on Xpdf 120831-06 SunOS 5.10_x86: vi and ex patch 121013-03 Obsoleted by: 144048-01 SunOS 5.10_x86: traceroute patch 121096-02 GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital cameras 121212-02 SunOS 5.10_x86: Sun Java Web Console (Lockhart) Patch 121309-20 Obsoleted by: 121309-21 SunOS 5.10_x86: Solaris Management Console Patch 121429-15 SunOS 5.10_x86: Live Upgrade Zones Support Patch 121607-04 GNOME 2.6.0_x86: Python patch 122213-40 Obsoleted by: 122213-41 GNOME 2.6.0_x86: GNOME Desktop Patch 122260-03 Obsoleted by: 122260-04 SunOS 5.10_x86: SunFreeware gnu esp ghostscript patch 122262-03 SunOS 5.10_x86: SunFreeware ghostscript man pages patch 122471-03 Obsoleted by: 122471-04 GNOME 2.6.0_x86: GNOME Java Help Patch 122912-24 SunOS 5.10_x86: Apache 1.3 Patch 122959-06 GNOME 2.6.0_x86: RealPlayer media application 123004-04 SunOS 5.10_x86: SAM module patch 124187-07 Obsoleted by: 124187-08 SunOS 5.10_x86: SCN Base cacao module patch 123631-03 Obsoleted by: 123631-04 SunOS 5.10_x86: HTTP proxy settings patch 123006-07 Obsoleted by: 123006-08 SunOS 5.10_x86: Basic Registration Update 123591-12 SunOS 5.10_x86: PostgresSQL patch 123614-01 X11 6.6.2_x86: OpenGL patch 123896-22 Obsoleted by: 123896-23 SunOS 5.9_x86 5.10_x86: Common Agent Container (cacao) runtime 2.2.4.2 upgrade patch 22 123939-02 GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch 124394-11 CDE 1.6_x86: Dtlogin smf patch 124445-01 SunOS 5.10_x86: mountd patch 124458-02 Obsoleted by: 124458-03 X11 6.6.2_x86: xdm patch 124631-42 Obsoleted by: 124631-43 SunOS 5.10_x86: System Administration Applications, Network, and Core Libraries Patch 124939-04 SunOS 5.10 5.10_x86: JDMK 5.1 patch 124944-01 SunOS 5.10_x86: SunFreeware gzip man pages patch 124998-01 SunOS 5.10_x86: /usr/bin/tip patch 125138-26 JavaSE 6_x86: update 24 patch (equivalent to JDK 6u24) 125139-26 JavaSE 6_x86: update 24 patch (equivalent to JDK 6u24), 64bit 125216-04 SunOS 5.10_x86: wget patch 125280-05 CDE 1.6_x86: dtsession patch 125333-15 JDS 3_x86: Macromedia Flash Player Plugin Patch 125389-03 Obsoleted by: 125389-04 SunOS 5.10_x86: SNIA Multipath Management API and Multipathing Utilities 125534-15 Obsoleted by: 125534-16 GNOME 2.6.0_x86: Trusted Extension Runtime Patch 125540-06 Mozilla 1.7_x86: Mozilla Firefox Web browser 125542-06 Mozilla 1.7_x86: Mozilla Thunderbird email client 125720-42 Obsoleted by: 125720-43 X11 6.8.0_x86: Xorg server patch 125732-06 SunOS 5.10_x86: XML and XSLT libraries patch 125953-20 Oracle Java Web Console 3.1[_x86] 126207-05 Obsoleted by: 126207-06 SunOS 5.10_x86: zebra ripd quagga patch 126364-08 SunOS 5.10_x86: X Window System changes - Solaris Trusted Extensions 126366-16 Obsoleted by: 126366-17 SunOS 5.10_x86: CDE Desktop changes - Solaris Trusted Extensions 126441-01 SunOS 5.10_x86: rm patch 126869-05 SunOS 5.10_x86: SunFreeware bzip2 patch 127128-11 SunOS 5.10_x86: kernel patch 127725-02 SunOS 5.10_x86: xntpd patch 128412-01 SunOS 5.10_x86: vuidm patch 136883-02 SunOS 5.10_x86: ImageMagick patch 136999-09 SunOS 5.10_x86: PostgreSQL 8.2 core patch 137001-07 SunOS 5.10_x86: PostgreSQL 8.2 documentation patch 137005-08 SunOS 5.10_x86: PostgreSQL 8.2 source code patch 137033-01 SunOS 5.10_x86: namefs patch 137081-05 SunOS 5.10_x86: libpng Patch 137094-01 SunOS 5.10_x86: logindevperm patch 138867-02 SunOS 5.10_x86: sharetab patch 138884-01 SunOS 5.10_x86: GRUB patch 137138-09 SunOS 5.10_x86: kernel patch 137148-06 SunOS 5.10_x86: libexpat patch 137872-02 SunOS 5.10_x86: tk patch 138182-01 SunOS 5.10_x86: ike.preshared patch 138194-04 Service Tags 1.0: patch for Solaris 10_x86 138266-01 SunOS 5.10_x86: picld patch 138362-01 Obsoleted by: 138362-02 SunOS 5.10_x86: snmpXdmid patch 138374-02 SunOS 5.10_x86: fifofs patch 141017-01 SunOS 5.10_x86: Dummy Patch 139556-08 SunOS 5.10_x86: Kernel Patch 142293-01 SunOS 5.10_x86: Place Holder patch 141445-09 SunOS 5.10_x86: kernel patch 142912-01 SunOS 5.10_x86: KU Place Holder patch 142934-02 SunOS 5.10_x86: failsafe patch 142910-17 SunOS 5.10_x86: kernel patch 138624-04 Obsoleted by: 138624-05 SunOS 5.10_x86: cp, ln, mv, compress, pack, cpio, pax tar patch 138648-01 SunOS 5.10_x86: /usr/bin/dircmp patch 138823-07 SunOS 5.10_x86: PostgreSQL 8.3 documentation patch 138825-07 SunOS 5.10_x86: PostgreSQL 8.3 source code patch 138827-07 SunOS 5.10_x86: PostgreSQL 8.3 core patch 138877-01 Obsoleted by: 138877-02 SunOS 5.10_x86: usr/lib/inet/in.dhcpd patch 138881-02 SunOS 5.10_x86: ses patch 139100-04 Obsoleted by: 139100-05 SunOS 5.10_x86: gtar patch 139621-01 CDE 1.6_x86: DtHelp patch 140102-01 SunOS 5.10_x86: rpc.ypupdated patch 140106-01 SunOS 5.10_x86: usr/sbin/rpc.metad patch 140160-03 Obsoleted by: 143938-03 SunOS 5.10_x86: rsh/rlogin/rcp/rdist patch 140456-01 X11 6.6.2_x86: VNC Viewer patch 140564-01 SunOS 5.10_x86: ptsl patch 141503-02 SunOS 5.10_x86: auditconfig patch 141505-09 Obsoleted by: 141505-10 SunOS 5.10_x86: ipf patch 141553-04 SunOS 5.10_x86: Apache 2 mod_perl Perl cgi patch 141559-01 SunOS 5.10_x86: acctcom patch 141587-01 SunOS 5.10_x86: libgss.so.1 patch 141875-09 Obsoleted by: 141875-10 SunOS 5.10_x86: fp patch 141877-07 Obsoleted by: 144189-02 SunOS 5.10_x86: emlxs patch 142085-04 Obsoleted by: 143958-03 SunOS 5.10_x86: qlc patch 142398-01 SunOS 5.10_x86: libsasl.so.1 patch 142530-01 SunOS 5.10_x86: uptime w utmp_update whodo patch 143318-03 GNOME 2.6.0_x86: Instant Messaging patch 143503-01 GNOME 2.6.0_x86: Trusted Extensions patch 143507-01 GNOME 2.6.0_x86: Python patch 143511-01 GNOME 2.6.0_x86: GIMP patch 143562-09 SunOS 5.10_x86: gssd mech_krb5.so.1 kadmind patch 143600-09 Obsoleted by: 143600-10 SunOS 5.10_x86: timezones patch 143616-02 SunOS 5.10_x86: add_drv patch 143726-01 SunOS 5.10_x86: SunFreeware ntp patch 143728-01 SunOS 5.10_x86: SunFreeware ntp source patch 143732-01 SunOS 5.10_x86: libaudiofile patch 143734-01 CDE 1.6_x86: ToolTalk RPC patch 143740-01 SunOS 5.10_x86: Gedit patch 143913-01 SunOS 5.10_x86: ucode driver patch 144054-04 SunOS 5.10_x86: ftp and in.ftpd patch 144107-01 SunOS 5.10_x86: usr/lib/nfs/nfslogd patch 144255-01 SunOS 5.10_x86: rpcsec patch 144326-01 Obsoleted by: 144326-02 SunOS 5.10_x86: Resource Management User Interface Patch 144489-12 Obsoleted by: 144489-13 SunOS 5.10_x86: kernel patch 144493-01 SunOS 5.10_x86: JPool.jar patch 145007-02 SunOS 5.10_x86: Webmin patch 145081-02 SunOS 5.10_x86: Firefox 3 patch 145125-02 SunOS 5.10_x86: usermgmt patch 145201-04 SunOS 5.10_x86: Thunderbird patch 145797-01 Obsoleted by: 145797-02 SunOS 5.10_x86: dls patch 145962-02 SunOS 5.10_x86: fmd patch 146020-01 Obsoleted by: 146020-02 SunOS 5.10_x86: sd patch 146280-01 SunOS 5.10_x86: uucp patch 146364-01 SunOS 5.10_x86: Samba patch 146773-01 SunOS 5.10_x86: CVE-2010-1168 - Safe.pm 2.24 and earlier (Perl 5.6.1) 146803-02 SunOS 5.10_x86: ufs fs patch 146859-01 SunOS 5.10_x86: ssl patch Extra Patches: The patch cluster contains the following patches which are themselves obsoleted by other patches in the patch cluster. These patches are required to ensure correct installation of the patch cluster on Solaris 10 11/06 and earlier Solaris 10 Update releases. The obsolete patches will only be applied to those systems where they are necessary, they will not be applied if the system is already at a higher patch level. Patch Reason 118844-20: This kernel patch must be active to ensure compatibility with library changes provided in subsequent patches. 122661-08: Obsolete patch required by 125548-02. 125548-02 is the zoneadm indirect dependency patch, which is needed to resolve an issue applying kernel patch 120012-14 on a system with zones support. See CR 6471974. 124205-05: Obsolete patch required by 122661-08. The patch cluster contains the following patches for Unbundled Software Products (ie. add on products that are not part of a default Solaris 10 installation). Patches for Unbundled Products are included in the patch cluster only if their use is required to avoid critical OS problems. These patches will only be applied to systems where the associated Unbundled Product is installed. Patch Reason 121182-03: Patch is required to avoid panic caused by bad interaction between Sun Trunking and GigaSwift Ethernet drivers. See SunAlert 200701. Live Upgrade patch 121431-XX is included in the patches/ directory of the patch cluster, but this patch will not be applied during patch cluster installation. The decision to apply the Live Upgrade patch is left to the user, this is done to accommodate users who wish to independently manage the version of the Live Upgrade patch on their system. Where a user wishes to apply the Live Upgrade patch, this needs to be done manually with the patchadd command. IMPORTANT NOTES AND WARNINGS: ----------------------------- KNOWN ISSUES: When installing the patch cluster to an inactive boot environment, the install script may abort with the following message: ERROR: Failed to determine zone configuration for target boot environment. Please verify configuration with zoneadm(1M). This will occur when the /etc/zones/index file of the inactive boot environment specifies an invalid state for the global zone. The correct state is 'installed', however the state may have been incorrectly changed to 'configured' as a consequence of CR 6804076. To confirm whether the issue exists, mount the inactive boot environment and run the following command: # grep "^global:configured:" /etc/zones/index global:configured:/ # The issue exists if the grep command outputs a line as above. To resolve the issue, first make a backup copy of /etc/zones/index in the inactive boot environment, then manually edit /etc/zones/index in the inactive boot environment and correct the entry for the global zone by replacing 'configured' with 'installed'. PATCH CLUSTER SIZE: This patch cluster is delivered as a single zip file. The size of this file is approximately 1.8G. In uncompressed form, the size of the patch cluster is approximately 4.0G. FILESYSTEM FREE SPACE REQUIREMENTS: It is difficult to give a precise estimate of how much free disk space is required to install the patch cluster. The amount of free space required depends on many factors. The following factors all increase the amount of space needed: - The release of Solaris 10 onto which the patch cluster is being installed. A Solaris 10 3/05 ("FCS") system will require considerably more free space than a system running the latest Solaris 10 Update release. - Whether zones are installed or not. The nature of the zones is important. Each whole root non-global zone will require approximately the same amount of free space as the global zone, while each sparse root non-global zone will require much less space on the filesystems where the zone resides. - Whether the patch cluster is installed with the "save" feature disabled. It is strongly recommended to use the default "save" feature when installing the patch cluster even though this requires more disk space. It allows the patches that are applied to be removed in case any issues are found post installation. Disabling the "save" feature with the "-d" flag (described below) will reduce the amount of disk space needed, however this is not the recommended way of installing the patch cluster. As a guide, the free space required to install this patch cluster using the default "save" feature to an unpatched Solaris 10 FCS system with the entire distribution plus OEM support metacluster is approximately 1.7G. Each whole root non-global zone would need approximately the same amount of space free in the filesystem that contains the zone's root. The install script will check that sufficient space is free before applying each patch. The script will stop if it estimates there is not enough free space available, and will provide instructions on how to override space checking should the user wish to continue patch cluster installation anyway. The backout data for patches applied using patchadd's default save mode is stored under the /var/sadm/pkg directory in the target system. The amount of backout data stored builds up as more patches are applied to the system. If the filesystem on which the /var/sadm/pkg directory resides becomes low on free space, MOS article 1005804.1 'Solaris[TM]: Recovering Space Used for Saved Backout Data from Patches' describes a number of options for increasing the amount of free space available. This article is available from: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=HOWTO&id=1005804.1 SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: Whether you use the default "save" feature to store backout data or not, the patch application process still requires disk space for installation and administrative tasks. The disk space is needed in filesystems where patches deliver payload. The exact amount of space depends on the system's architecture, the software packages already installed, and the difference in size of the patched objects. In case a problem occurs, ensure a recent full system backup is available. SAVE AND BACKOUT OPTIONS: By default, the install script uses the patchadd command's default save mode to save a copy of the objects being patched. This is the recommended option. Patches can only be removed and the original objects restored if the default "save" feature is used when installing this patch cluster. You can override the "save" feature by using the "-d" flag when executing the install script. Using the "-d" flag means that you will not be able to backout the patches. This would be problematic if ever there was a need to remove a patch, therefore use of the "-d" flag is not the recommended option. BOOTING OF NEWLY CREATED NON-GLOBAL ZONES: Newly created non-global zones can fail to boot for a short period (~5 minutes) immediately after having been installed. This problem only affects systems running Solaris 10 5/09 (Update 7) or earlier Solaris 10 Update releases, where this patch cluster has been installed and patch 121428-13 (or higher) has *not* been applied. Note patch 121428-13 (or higher) does not meet the criteria for inclusion in this patch cluster. Resolution is to wait for a sufficient period before booting a newly created zone, or to apply patch 121428-13 (or higher) before creating new non-global zones. SPECIAL INSTALL INSTRUCTIONS: As with any patch individually applied, there might be additional Special Install Instructions. These instructions are documented in the individual patch README file. To determine if any additional installation steps are necessary, it is recommended to read each patch README before installing this patch cluster. A PATCH MAY NOT BE APPLIED: Some of the patches in the patch cluster will not apply on particular systems. The following are examples of when a patch might not apply. These situations are nominal and are not a cause for concern. The patch may be one of the obsolete or Unbundled Software Product patches listed in the "PATCHES INCLUDED" section. The patch might patch packages that: - Are only installed on specific hardware. - Were introduced in a later Solaris Update release than the release installed on the target system. - Are not present in the installation Software Group (metacluster) that was installed on the target system. - Have been deliberately removed from the target system during system hardening. The patchadd command recognises packages that already have a patch applied and will only apply a patch to those packages which aren't already patched. Therefore, if a patch patches several packages and only some of them are present on the target system, then those packages present are patched. If other packages are installed on the system at a later date, then patches for those packages need to be reapplied. OLDER VERSIONS OF PATCHES ALREADY APPLIED: Backing out older revisions of patches provided in the patch cluster is not required for the newer revision to be applied. If the patch cluster is installed using the default "save" feature, then the patchadd command will save off the preexisting objects. If a patch is subsequently removed, the objects will be restored to the prior patch level. INSTALL INSTRUCTIONS: --------------------- This patch cluster can be installed on the active boot environment, or to an inactive boot environment using either the "-B" Live Upgrade option, or the "-R" alternate root option. The "-R" alternate root option can be used to patch alternate boot environments that have been created manually and not necessarily via Live Upgrade. Patching an inactive boot environment is recommended, because the downtime associated with patching is reduced and there's a simple fallback option if needed: reboot back into the original boot environment. Patching an inactive boot environment removes the need to follow a significant number of Special Install Instructions that would be required if you patched the active boot environment. If the patch cluster is installed to an inactive boot environment then some patches may need to be applied to the active boot environment initially. For example, the same revision (or higher) of the patch utilities patch contained in this patch cluster will need to be applied to the active boot environment before the patch cluster can be applied to an alternate boot environment. See "--apply-prereq" flag in the "PATCH CLUSTER INSTALLATION INSTRUCTIONS" section. Specific details for the three install contexts are given in the following sections. General installation instructions applicable to all contexts are given in the "PATCH CLUSTER INSTALLATION INSTRUCTIONS" section. I. Installing this Patch Cluster to a Live Upgrade Boot Environment Before installing this patch cluster to an inactive Live Upgrade boot environment, it is important those patches necessary to ensure the correct functioning of Live Upgrade are applied to the required boot environments. If the intent is use of Live Upgrade on a system running Solaris 10 8/07 (Update 4) or an earlier Solaris 10 Update release, then it is recommended to install the Live Upgrade Starter Patchset for Solaris 10. Installing the LU Starter Patchset will provide the system with a level of functionality sufficient to enable use of Live Upgrade. The LU Starter Patchset can be located with the patch search facility under the 'Patches & Updates' tab on MOS. If the intent is use of Live Upgrade on a system running Solaris 10 5/08 (Update 5) or a later Solaris 10 Update release, then the list of required patches can be found in MOS article 1004881.1 'Solaris[TM] Live Upgrade Software: Patch Requirements', available from: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=HOWTO&id=1004881.1 It is generally recommended to review article 1004881.1 before installing this patch cluster to an inactive Live Upgrade boot environment. The article provides the most current information on those patches necessary to ensure the correct functioning of Live Upgrade on various different system configurations. When installing this patch cluster to an inactive boot environment, the install script may stop and notify the user of the need to invoke the script with the "--apply-prereq" flag to ensure appropriate levels of various patches (including the patch utility patches) are applied to the running system. The patch cluster will not install to an inactive boot environment if the running system does not have these patches applied. There is no need to bring the running system to single-user mode when installing this patch cluster to an inactive boot environment. A discussion of how to use Live Upgrade to create and manage boot environments is outside the scope of this document. The install script accompanying this patch cluster will not create Live Upgrade boot environments. For information on how to use Live Upgrade please see document "Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning.", available from: http://download.oracle.com/docs/cd/E19253-01/821-1910/index.html The following command installs this patch cluster to an inactive boot environment that was previously created with Live Upgrade: ./installcluster -B For example, to install the patch cluster to an inactive boot environment named 'second_disk', the following command would be run: # lustatus Boot Environment Is Active Active Can Copy Name Complete Now On Reboot Delete Status -------------------------- -------- ------ --------- ------ ---------- first_disk yes yes yes no - second_disk yes no no yes - # ./installcluster -B second_disk II. Installing this Patch Cluster to an Alternate Root This patch cluster can be installed to an arbitrary alternate root. This mode of installation is not recommended for general users, it is provided for advanced users who recognise situations where this mode of installation is beneficial, and have a thorough understanding of the additional complexities involved in setting up the alternate root. When installing this patch cluster to an alternate root, the install script may stop and notify the user of the need to invoke the script with the "--apply-prereq" flag to ensure appropriate levels of various patches (including the patch utility patches) are applied to the running system. The patch cluster will not install to an alternate root if the running system does not have these patches applied. There is no need to bring the running system to single-user mode when installing this patch cluster to an alternate root. The following command installs this patch cluster to an alternate root: ./installcluster -R For example, if an alternate boot environment has its root and all subordinate file systems mounted under /mnt/altroot, the following command would be run: # ./installcluster -R /mnt/altroot III. Installing this Patch Cluster to the Active Boot Environment Patching an inactive boot environment using either the "-B" Live Upgrade option, or the "-R" alternate root option is recommended over patching the active boot environment. The following special warnings apply if this patch cluster is applied to the active boot environment: 1. SINGLE USER MODE Ideally the installation should be performed in single-user mode (run level S), although this in not a strict requirement. Depending on system configuration, it may be necessary to mount local filesystems before installing this patch cluster (for example, if a system configuration has zone roots on a local filesystem that is not mounted in single-user mode). In most cases, onlining the filesystem/local service will be sufficient to ensure the required filesystems are mounted. This can be accomplished by running the following command: # svcadm enable svc:/system/filesystem/local:default Note that the install script may abort during the setup phase with an indefinite error message if the required filesystems are not mounted. The exact error messaging can vary from one system configuration to another - for illustrative purposes one example of such messaging follows: # ./installcluster Setup .zoneadm: /export/zones/z1s: No such file or directory could not verify zonepath /export/zones/z1s because of the above errors. zoneadm: zone z1s failed to verify ERROR: Zone verification failed : unable to mount zone 'z1s'. # Should this problem occur, ensure local filesystems are mounted then reinvoke the install script. 2. REBOOTS Some patches specify in their README file that an immediate reboot or reconfiguration reboot ('reboot -- -r') is required when they are applied to an active boot environment. Generally, it is possible to complete patching operations before initiating the reboot, but normal operations should not be resumed until the reboot is performed. In the rare case where it is not possible to continue patching operations, the specific patches involved will contain logic that prevents further patching operations until a reboot is performed. For further information, please see MOS article 1019921.1 'Definitive interpretation of the "rebootimmediate" and "reconfigimmediate" patch flags', available from: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=REFERENCE&id=1019921.1 The install script will stop installation of the patch cluster when an interim reboot is required, and notify the user that a reboot is needed. The install script should be reinvoked after the reboot and patch cluster installation will resume. See "PATCH CLUSTER INSTALLATION INSTRUCTIONS" for details of the messages that are displayed. The factors that determine how many reboots are necessary are described below. Depending on the starting patch level of the target system, up to three reboots are needed. If the active boot environment is running a kernel at a patch level below 118844-19, the install script needs to be invoked THREE times, with a reboot after each invocation. First reboot: The first reboot is necessary to ensure a kernel at patch level 118844-19 (or higher) is running on the active boot environment. This is required to ensure compatibility with library changes provided in subsequent patches. Patch 118844-20 is provided in the patch cluster. The first reboot brings the patch level of the running kernel to 118844-20, which satisfies the compatibility requirements. Second reboot: If the active boot environment is running a kernel at a patch level of 118844-19 or above, but below a patch level of 118855-36, the install script needs to be invoked TWICE with a reboot after each invocation. A reboot is necessary after applying patch 118855-36 because the patchadd command is disabled and no further patches can be applied until the system is rebooted. This is a safety device which is necessary due to the complexity of installing the code changes delivered in kernel patch 118855-36 to an active boot environment. Kernel patch 118855-36 is the kernel patch released shortly after the Solaris 10 11/06 release (Solaris 10 Update 3). This patch delivers a significant amount of code change. Some manual steps might be required in order to safely apply this patch. Please carefully review the Special Install Instructions in the 118855-36 patch README. Final reboot: A reboot is required at the end of the patch cluster installation to ensure all changes are activated. 3. GRUB The patch cluster installs the GNU GRand Unified Bootloader (GRUB) architecture if the active boot environment is running at a kernel patch level below 118844-21. Caution - please follow the specific instructions relevant to the system in: https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=ALERT&id=1000670.1 Failure to follow these instructions may result in the system failing to boot. 4. ZONES MUST BE HALTED If the active boot environment is running a kernel at a patch level of 118833-36 or above, all native non-global zones need to be halted before the patch cluster can be installed (in the output of 'zoneadm list -cv,' halted zones are shown as being in the 'installed' state). 5. PATCHES UTILISING DEFERRED ACTIVATION PATCHING The deferred activation patches included in the patch cluster are listed below: Patch Details 120012-14: Solaris 10 8/07 (Update 4) kernel patch. 127128-11: Solaris 10 5/08 (Update 5) kernel patch. 137138-09: Solaris 10 10/08 (Update 6) kernel patch. 139556-08: Solaris 10 5/09 (Update 7) kernel patch. 141445-09: Solaris 10 10/09 (Update 8) kernel patch. 142910-17: Solaris 10 9/10 (Update 9) kernel patch. 144489 : post Solaris 10 9/10 sustaining kernel patch. Please carefully review the Special Install Instructions in the README files of these patches. Deferred activation patching was introduced in the patch utilities during the course of the Solaris 10 8/07 release as a way of ensuring system consistency while patching an active boot environment. Patches that need to be applied in deferred activation patching mode will have the SUNW_PATCH_SAFE_MODE parameter set to true in their pkginfo files. Deferred activation patching utilises loopback mounts (lofs) to mask the patched objects until a reboot is performed. Deferred activation patching is designed to enable subsequent patches to be applied before the reboot is initiated. If any subsequent patch directly or indirectly requires a patch applied in deferred activation patching mode, the patch will also automatically be applied in deferred activation patching mode by the patchadd command. Objects updated using deferred activation patching will be activated upon reboot of the system. After applying patches in deferred activation patch mode, a system will have a large number of files mounted via loop back filesystem. The df and mount commands will show these mounted files. For more information on deferred activation patching see: http://download.oracle.com/docs/cd/E19253-01/817-0547/gfick/ A reboot is required after applying deferred activation patches, to activate the changes. PATCH CLUSTER INSTALLATION INSTRUCTIONS: 1. Make sure the patch cluster has been expanded. See "PATCH CLUSTER DESCRIPTION" section for more details. 2. Decide if you want to save backout data so that patches can be removed at a later date. By default, the install script uses the patchadd command's default save mode to save a copy of the objects being patched. This is the recommended option. Patches can only be removed and the original objects restored if the default "save" feature is used when installing this patch cluster. You can override the "save" feature by using the "-d" flag when executing the install script. Using the "-d" flag means that you will not be able to backout the patches. This would be problematic if ever there was a need to remove a patch, therefore use of the "-d" flag is not the recommended option. 3. Run the installcluster script. # cd 10_x86_Recommended # ./installcluster -h usage: installcluster [-d] [-h] [-R alt-root-path|-B alt-boot-env] [--apply-prereq] -- [-d] - don't save undo packages [-h] - display this usage message [-B alt-boot-env] - specify LU boot environment as target [-R alt-root-path] - specify alternate root as target [--apply-prereq] - apply prerequisite patches only -- - passcode required for script execution # - The "-d" flag is explained in step 2. - The "-B" flag is explained in section "I. Installing this Patch Cluster to a Live Upgrade Boot Environment". - The "-R" flag is explained in section "II. Installing this Patch Cluster to an Alternate Root". - The "--apply-prereq" flag is for use on the active boot environment, prior to installing the patch cluster to an inactive boot environment. It ensures at least the same revision (or higher) of the patch utilities patches contained in this patch cluster are applied to the running system. This is a prerequisite for installing the patch cluster to an inactive boot environment. - The "--" flag is a safety mechanism to ensure the README file has been read. The passcode can be found at the end of the "PATCH CLUSTER DESCRIPTION" section. 4. The progress of the install script is displayed on your terminal. The output should look similar to the following (this is from a system on which kernel patch 118855-36 was already applied): # ./installcluster --s10cluster Setup .......... Recommended OS Cluster Solaris 10 x86 (2010.09.08) The patch set will complete installation in this session. No intermediate reboots are required. Application of patches started : 2010.09.08 17:15:09 Applying 120901-03 ( 1 of 196) ... skipped Applying 121334-04 ( 2 of 196) ... skipped Applying 119255-76 ( 3 of 196) ... skipped . . . Applying 144255-01 (194 of 196) ... success Applying 144326-01 (195 of 196) ... success Applying 145125-01 (196 of 196) ... success Application of patches finished : 2010.09.08 18:27:15 Following patches were applied : 118919-21 139521-02 121212-02 128412-01 141501-08 119060-55 119758-18 121309-20 136883-02 141503-02 119064-01 119765-06 121607-04 137033-01 141505-09 119082-25 119784-15 122213-40 137081-04 141517-12 119116-35 119811-05 122260-03 137094-01 141553-01 119118-52 119813-11 122262-03 138867-02 141559-01 119131-33 119901-09 122471-03 138884-01 141587-01 119214-23 119904-02 122676-05 137138-09 141875-09 119247-36 119907-16 122912-22 137148-06 142085-04 124629-12 119987-03 123614-01 137872-02 142398-01 119253-32 120095-30 123939-02 138182-01 142530-01 123612-05 120202-06 124394-10 138266-01 142912-01 119281-22 120236-01 124445-01 138362-01 142934-02 124189-03 120461-17 124458-02 138374-02 142910-17 119316-19 119369-04 124631-42 138648-01 143318-02 120200-15 120287-03 124944-01 138877-01 143503-01 119535-19 120293-02 124998-01 139100-04 143507-01 119549-14 120330-02 125216-03 141017-01 143511-01 140900-01 121976-01 125280-05 139556-08 143526-01 120273-30 120411-33 125389-03 139621-01 143732-01 122641-06 120413-11 125556-07 140102-01 143734-01 127756-01 120415-27 125720-41 140106-01 143740-01 125504-02 120544-20 125732-05 140160-03 143913-01 124205-05 120720-02 126207-05 140400-03 144107-01 122661-08 120740-06 126441-01 140564-01 144255-01 125548-02 120831-06 126869-04 142293-01 144326-01 126424-03 121013-03 127128-11 141445-09 145125-01 120012-14 121096-02 127725-02 Following patches were skipped : Patches already applied 120901-03 138216-01 140797-01 118778-14 121454-02 121334-04 122035-05 113000-07 121264-01 121454-02 119255-76 127885-01 117435-02 123840-04 121119-16 119318-01 141589-04 118344-14 138218-01 118844-20 121297-01 142252-01 118668-26 140861-01 118855-36 Patches not applicable to packages on the system 118669-26 123631-03 125333-10 136999-09 138827-07 121182-03 123006-07 125534-15 137001-07 138881-02 126411-01 123591-12 125540-06 137005-08 140456-01 120186-21 123896-22 125542-06 138194-04 141877-07 122959-06 124939-03 125953-20 138823-07 143726-01 123004-04 125138-22 126364-08 138825-07 143728-01 124187-07 125139-22 126366-16 Installation of patch set complete. PLEASE REBOOT THE SYSTEM. Install log files written : /var/sadm/install_data/s10x_rec_cluster_short_2010.09.08_17.15.09.log /var/sadm/install_data/s10x_rec_cluster_verbose_2010.09.08_17.15.09.log # If the patch cluster is installed on the active boot environment, the system may require one or more interim reboots before completing installation. If a message similar to the following is seen during installation, reboot the system and reinvoke the install script. "The installation of this patch set has halted after applying patch 118855-36. The machine must now be rebooted before further patches can be applied. Please reboot the machine and rerun this script. For further details, see patch set README file." Once the system is rebooted and the install script is reinvoked, installation of the patch cluster will continue. 5. If an unexpected error is encountered during the installation of this patch cluster, the install script will abort. Should this occur, the error must be investigated and the issue resolved before proceeding further. More details about the causes of failure can be found in the log files. The following log files are created during installation of the patch cluster: /var/sadm/install_data/s10x_rec_cluster_failed_