Oracle® Database

From CPUJan2016 onwards, the 5th digit of the version number will be changed to reflect the release date in the format YYMMDD. See My Oracle Support Document 2061926.1 for more information.

PSU patches are cumulative. That is, the content of all previous PSUs is included in the latest PSU patch.

This PSU includes the fixes listed in Bugs Fixed by This Patch.

To install this PSU, the Oracle home must have the 11.2.0.4.0 Database installed. Subsequent PSU patches can be installed on Oracle Database 11.2.0.4.0 or any PSU with a lower 5th numeral version than the one being installed.

This patch is Oracle RAC Rolling Installable.

This patch is Database Vault installable. Review My Oracle Support Document 1195205.1 for details on how to apply this patch to a Database Vault environment.

This patch is Data Guard Standby-First Installable. See My Oracle Support Document 1265700.1 Oracle Patch Assurance - Data Guard Standby-First Patch Apply for details on how to remove risk and reduce downtime when applying this patch.

This patch contains a security fix due to which a SELECT query's plan MAY change under the following conditions:

• The SELECT queries a table protected with a Fined Grained Auditing policy

• And the policy condition is NULL

This section includes the following section:

• OPatch Utility

You must use the OPatch utility version 11.2.0.3.6 or later to apply this patch. Oracle recommends that you use the latest released OPatch version for 11.2, which is available for download from My Oracle Support patch 6880880 by selecting the 11.2.0.0.0 release.

For information about OPatch documentation, including any known issues, see My Oracle Support Document 293369.1 OPatch documentation list.

These instructions are for all Oracle Database installations.

• Patch Pre-Installation Instructions

• Patch Installation Instructions

• Patch Post-Installation Instructions

• Patch Post-Installation Instructions for Databases Created or Upgraded after Installation of This PSU patch in the Oracle Home

Before you install this patch, perform the following actions to check the environment and to detect and resolve any one-off patch conflicts.

• Applying Database PSU Along Side the Oracle JavaVM Component 11.2.0.4.x Database PSU Patch

• Environments with Grid Infrastructure (GI)

• Environment Checks

• One-off Patch Conflict Detection and Resolution

From October 2014 onwards, the Oracle JavaVM Component 11.2.0.4.x Database PSU patch is also available as a separate patch. This patch is not Oracle RAC Rolling Installable. For customers wanting to install both patches together during a single downtime window, follow the various Patching Options listed in the My Oracle Support Document 1929745.1 - Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and RU" (OJVM PSU and OJVM RU) Patches.

If you are installing the PSU to an environment that has a Grid Infrastructure (GI) home, note the following:

• Grid Infrastructure PSU 11.2.0.4.180717 Patch 27967757 should be applied to the Grid Infrastructure home and Database home using the readme instructions provided with the patch.

1. Ensure that the $PATH definition has the following executables: make, ar, ld, and nm.

   The location of these executables depends on your operating system. On many operating systems, they are located in /usr/ccs/bin, in which case you can set your PATH definition as follows:

   export PATH=$PATH:/usr/ccs/bin

For an introduction to the PSU one-off patch concepts, see "Patch Set Updates Patch Conflict Resolution" in My Oracle Support Document 854428.1 Patch Set Updates for Oracle Products.

The fastest and easiest way to determine whether you have one-off patches in the Oracle home that conflict with the PSU, and to get the necessary conflict resolution patches, is to use the Patch Recommendations and Patch Plans features on the Patches & Updates tab in My Oracle Support. These features work in conjunction with the My Oracle Support Configuration Manager. Recorded training sessions on these features can be found in Document 603505.1.

However, if you are not using My Oracle Support Patch Plans, the My Oracle Support Conflict Checker tool enables you to upload an OPatch inventory and check the patches that you want to apply to your environment for conflicts.

If no conflicts are found, you can download the patches. If conflicts are found, the tool finds an existing resolution to download. If no resolution is found, it will automatically request a resolution, which you can monitor in the Plans and Patch Requests region of the Patches & Updates tab.

For more information, see Knowledge Document 1091294.1, How to use the My Oracle Support Conflict Checker Tool.

Or, use the following steps to manually discover conflicts and resolutions:

1. Determine whether any currently installed one-off patches conflict with the PSU patch as follows:

   unzip p27734982_112040_<platform>.zip
   cd 27734982
   opatch prereq CheckConflictAgainstOHWithDetail -ph ./
   

2. The report will indicate the patches that conflict with PSU 27734982 and the patches for which PSU 27734982 is a superset.

   Note that Oracle proactively provides PSU one-off patches for common conflicts with this patch.

3. Use My Oracle Support Document 1321267.1 Database Patch conflict resolution to determine, for each conflicting patch, whether a conflict resolution patch is already available, and if you need to request a new conflict resolution patch or if the conflict may be ignored.

4. When all the one-off patches that you have requested are available at My Oracle Support, proceed with Patch Installation Instructions.

Conflicting patches should be rolled back before applying the patch, otherwise opatch apply will report conflicts again.

Follow these steps:

1. If you are using a Data Guard Physical Standby database, you must install this patch on both the primary database and the physical standby database, as described by My Oracle Support Document 278641.1.

2. If this is an Oracle RAC environment, install the PSU patch using the OPatch rolling (no downtime) installation method as the PSU patch is rolling Oracle RAC installable. Refer to My Oracle Support Document 244241.1 Rolling Patch - OPatch Support for RAC.

3. If this is not a Oracle RAC environment, shut down all instances and listeners associated with the Oracle home that you are updating. For more information, see Oracle Database Administrator's Guide.

4. Rollback any patches found during the One-off Patch Conflict Detection.

5. Set your current directory to the directory where the patch is located and then run the OPatch utility by entering the following commands:

   unzip p27734982_112040_<platform>.zip
   cd 27734982
   opatch apply
   

6. Install all resolutions to conflicts found during the One-off Patch Conflict Detection.

7. If there are errors, refer to Known Issues.

After installing the patch, perform the following actions:

1. Apply conflict resolution patches as explained in Applying Conflict Resolution Patches.

2. Load modified SQL files into the database, as explained in Loading Modified SQL Files into the Database.

Apply the patch conflict resolution one-off patches that were determined to be needed when you performed the steps in One-off Patch Conflict Detection and Resolution.

The following steps load modified SQL files into the database. For an Oracle RAC environment, perform these steps on only one node.

1. For each database instance running on the Oracle home being patched, connect to the database using SQL*Plus. Connect as SYSDBA and run the catbundle.sql script as follows:

   cd $ORACLE_HOME/rdbms/admin
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> STARTUP
   SQL> @catbundle.sql psu apply
   SQL> QUIT
   

   The catbundle.sql execution is reflected in the dba_registry_history view by a row associated with bundle series PSU.

   For information about the catbundle.sql script, see My Oracle Support Document 605795.1 Introduction to Oracle Database catbundle.sql.

2. If the OJVM PSU was applied for a previous PSU patch, you may see invalid Java classes after execution of the catbundle.sql script in the previous step. If this is the case, run utlrp.sql to re-validate these Java classes.

   cd $ORACLE_HOME/rdbms/admin
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> @utlrp.sql
   

3. Check the following log files in $ORACLE_HOME/cfgtoollogs/catbundle or $ORACLE_BASE/cfgtoollogs/catbundle for any errors:

   catbundle_PSU_<database SID>_APPLY_<TIMESTAMP>.log
   catbundle_PSU_<database SID>_GENERATE_<TIMESTAMP>.log
   

   where TIMESTAMP is of the form YYYYMMMDD_HH_MM_SS. If there are errors, refer to Known Issues.

4. This patch now includes the OJVM Mitigation patch (Patch:19721304). If an OJVM PSU is installed or planned to be installed, no further actions are necessary. Otherwise, the workaround of using the OJVM Mitigation patch can be activated. As SYSDBA do the following from the admin directory:

   SQL > @dbmsjdev.sql
   SQL > exec dbms_java_dev.disable
   

   For more information on the OJVM mitigation patch, see Document 1929745.1 Oracle Recommended Patches -- "Oracle JavaVM Component Database PSU and RU" (OJVM PSU and OJVM RU) Patches.

There are no actions required for databases that have been upgraded or created after installation of this patch.

These instructions apply if you need to deinstall the patch.

• Patch Deinstallation Instructions for a Non Oracle RAC Environment

• Patch Post-Deinstallation Instructions for a Non Oracle RAC Environment

• Patch Deinstallation Instructions for an Oracle RAC Environment

• Patch Post-Deinstallation Instructions for an Oracle RAC Environment

Follow these steps:

1. Verify that an $ORACLE_HOME/rdbms/admin/catbundle_PSU_<database SID>_ROLLBACK.sql file exists for each database associated with this ORACLE_HOME. If this is not the case, you must execute the steps in Loading Modified SQL Files into the Database against the database before deinstalling the PSU.

2. Shut down all instances and listeners associated with the Oracle home that you are updating. For more information, see Oracle Database Administrator's Guide.

3. Run the OPatch utility specifying the rollback argument as follows.

   opatch rollback -id 27734982
   

4. If there are errors, refer to Known Issues.

Follow these steps:

1. Start all database instances running from the Oracle home. (For more information, see Oracle Database Administrator's Guide.)

2. For each database instance running out of the ORACLE_HOME, connect to the database using SQL*Plus as SYSDBA and run the rollback script as follows:

   cd $ORACLE_HOME/rdbms/admin
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> STARTUP
   SQL> @catbundle_PSU_<database SID>_ROLLBACK.sql
   SQL> QUIT
   

   In an Oracle RAC environment, the name of the rollback script will have the format catbundle_PSU_<database SID PREFIX>_ROLLBACK.sql.

3. If the OJVM PSU was applied for a previous PSU patch, you may see invalid Java classes after execution of the catbundle.sql script in the previous step. If this is the case, run utlrp.sql to re-validate these Java classes.

   cd $ORACLE_HOME/rdbms/admin
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> @utlrp.sql
   

4. Check the log file for any errors. The log file is found in $ORACLE_BASE/cfgtoollogs/catbundle and is named catbundle_PSU_<database SID>_ROLLBACK_<TIMESTAMP>.log where TIMESTAMP is of the form YYYYMMMDD_HH_MM_SS. If there are errors, refer to Known Issues.

Follow these steps for each node in the cluster, one node at a time:

1. Shut down the instance on the node.

2. Run the OPatch utility specifying the rollback argument as follows.

   opatch rollback -id 27734982
   

   If there are errors, refer to Known Issues.

3. Start the instance on the node as follows:

   srvctl start instance –d <db-unique-name> -n <nodename>

Follow the instructions listed in Section Patch Post-Deinstallation Instructions for a Non Oracle RAC Environment only on the node for which the steps in Loading Modified SQL Files into the Database were executed during the patch application.

All other instances can be started and accessed as usual while you are executing the deinstallation steps.

For information about OPatch issues, see My Oracle Support Document 293369.1 OPatch documentation list.

For issues documented after the release of this PSU, see My Oracle Support Document 2394561.1 Oracle Database Patch Set Update 11.2.0.4.180717 Known Issues.

Other known issues are as follows.

Issue 1

The following ignorable errors may be encountered while running the catbundle.sql script or its rollback script:

ORA-00942: table or view does not exist
ORA-00955: name is already used by an existing object
ORA-01430: column being added already exists in table
ORA-01432: public synonym to be dropped does not exist
ORA-01434: private synonym to be dropped does not exist
ORA-01435: user does not exist
ORA-01917: user or role 'XDB' does not exist
ORA-01920: user name '<user-name>' conflicts with another user or role name
ORA-01921: role name '<role name>' conflicts with another user or role name
ORA-01927: cannot REVOKE privileges you did not grant
ORA-01952: system privileges not granted to 'WKSYS'
ORA-02303: cannot drop or replace a type with type or table dependents
ORA-02443: Cannot drop constraint - nonexistent constraint
ORA-04043: object <object-name> does not exist
ORA-06512: at line <line number>. (That is, if ORA-06512 follows any of preceding errors, it can be safely ignored.)
ORA-14452: attempt to create, alter or drop an index on temporary table already in use
ORA-29809: cannot drop an operator with dependent objects
ORA-29830: operator does not exist
ORA-29832: cannot drop or replace an indextype with dependent indexes
ORA-29844: duplicate operator name specified 
ORA-29931: specified association does not exist

Issue 2

Warnings may be returned during the re-link phase of 26392168. These warnings may be ignored.

warning: overriding commands for target `nmosudo'
warning: ignoring old commands for target `nmosudo'

See the following document for additional information.

Document 1562458.1 Relinking the DB Control 11.2.0.3 Agent Displays a Warning Message "overriding commands for target 'nmosudo'"

Issue 3

On HP-UX systems, the following ignorable warnings may be encountered during the relinking of the oracle binary:

WARNING:OUI-67215:
OPatch found the word "failed" in the stderr of the make command. Please look at this stderr. You can re-run this make command.
 
cc: warning 487: Possibly incorrect message catalog.
total_lntt_bytes is 0, assuming size of .debug_lntt
Failed to mmap lntt temp file.

Issue 4

On AIX systems, the following ignorable warnings may be encountered during the relinking of the oracle binary:

WARNING:OUI-67215:
OPatch found the word "failed" in the stderr of the make command.Please look at this stderr. You can re-run this make command.

ld: 0711-224 WARNING: Duplicate symbol: <symbol>
ld: 0711-345 WARNING: Duplicate symbol: <symbol>
ld: 0711-773 WARNING: Duplicate symbol: <symbol>
ld: 0711-783 WARNING: Duplicate symbol: <symbol>
ld: 0711-301 WARNING: Duplicate symbol: <symbol>
ld: 0711-415 WARNING: Duplicate symbol: <symbol>
ld: 0711-319 WARNING: Duplicate symbol: <symbol>

Issue 5

On IBM: Linux on System Z, the following ignorable warnings may be encountered during relinking of e2eme binary:

OUI-67215:
OPatch found the word "warning" in the stderr of
the make command.

Please look at this stderr. You can re-run this
make command.
Stderr output:
ins_emagent.mk:113: warning: overriding commands for target `nmosudo'
ins_emagent.mk:52: warning: ignoring old
commands for target `nmosudo'

Issue 6

If Oracle Database Vault is enabled, the following error can occur during the execution of the Post Installation or Deinstallation steps:

initjvmaux.drop_sros();
 
EXECUTE IMMEDIATE 'create or replace java system';
...
ORA-01031: insufficient privileges
ORA-06512: at "SYS.INITJVMAUX", line 535
ORA-06512: at line 3

To recover from this issue, see the following My Oracle Support Document 1935120.1 ORA-01031 during Post Install / De-install for Database PSU or OJVM PSU

Issue 7

When trying to install the Oracle Database Patch Set Update 11.2.0.4.160719, OPatch reports:

/refresh/home/app/oracle/product/11.2.0/client_1/rdbms/admin/orasdkbase_shrept.lst: No such file or directory
/usr/bin/ld: cannot open linker script file
/refresh/home/app/oracle/product/11.2.0/client_1/rdbms/admin/liborasdkbase.def: No such file or directory
  collect2: ld returned 1 exit status
/refresh/home/app/oracle/product/11.2.0/client_1/bin/genorasdksh: Failed to link liborasdkbase.so.11.1
make: *** [liborasdkbase] Error 1

Cause: BUG 24331924 - MISSING LIBORASDKBASE FROM 11.2.0.4 RUNTIME CLIENT

Solution: Follow these steps:

1. Apply patch 24331924.

2. Re-apply the PSU.

Issue 8

Problem: The permission of the library file $ORACLE_HOME/lib/libsqlplus.so may change from 644 to 640, after applying this PSU patch.

You may first notice this issue from the following error encountered from SQL*Plus through non-oracle user:

ld.so.1: sqlplus: fatal: …../lib/libsqlplus.so: Permission denied

This issue is discussed further in My Oracle Support Document 2201729.1. This issue is fixed in a future release Oracle Database 12c release 2 (12.2).

Workaround: For earlier versions, do the following:

Change the permission of the library file $ORACLE_HOME/lib/libsqlplus.so back to 644 to allow the non-oracle users and application users to connect.

Otherwise, apply the patch 22730454 on top of this PSU release.

The following documents are references for this patch.

Document 293369.1 OPatch documentation list

Document 360870.1 Impact of Java Security Vulnerabilities on Oracle Products

Document 1321267.1 Database Patch conflict resolution

Document 27734982.8 Database 11.2.0.4.180717 Patch Set Update (PSU)

Document 1611785.1 11.2.0.4 Patch Set Updates - List of Fixes in each PSU

Document 1561792.2 Troubleshooting Assistant: Patching Oracle Database/Client

See My Oracle Support Document 1611785.1 that documents all the non-security bugs fixed in each 11.2.0.4 Patch Set Update (PSU).

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.