Friday, January 9, 2026

bsu.sh does not tell when a WebLogic patch was applied

Below line will produce report Report_Inventory.html showing the list of technology patches applied to 4 components (see Oracle Doc ID 1355068.1) in the instance. But it does not have timestamp for any WebLogic patches.

$ $ADPERLPRG $FND_TOP/patch/115/bin/TXKScript.pl -script=$FND_TOP/patch/115/bin/txkInventory.pl -txktop=$APPLTMP -outfile=$APPLTMP/Report_Inventory.html

bsu.sh does not give timestamp as well, and it even does not create a log file. So, below does not help on date tracking.
$ bsu.sh -report -bea_home=$FMW_HOME -output_format=text

Oracle Support says bsu.sh will be replaced by opatch to allow date tracking in the future development of technology stack, and asks to check Oracle EBS Tech blog and Doc ID 3000000.1.
Posted by at No comments:

Tuesday, December 2, 2025

October 2025 CPU patchset and CVE-2025-61882

Oracle emailed Security Alert CVE-2025-61882 out on Oct 5, 2025 and published Doc ID 3106344.1 (Security Alert CVE-2025-61882 Patch Availability Document for Oracle E-Business Suite) for it. The document first strongly recommends a set of patches 38501230, 38501349, 38501757 as hotfixes. Then, Oracle modified the document and recommended October 2025 CPU patch set or 6 hotfix patches 38507994, 38518258, 38523311, 38523302, and 38510732, 38501757.

I applied October 2025 CPU patch and found it includes all individual patches mentioned above. So, it is a good and clean way to fix CVE-2025-61882 vulnerabilities. Below are EBS patches I applied to my instances

38298685 12.2.0  Oct 2025 CPU
38261405 R12.FWK.C  Oracle Applications Framework
37450688 R12.OWF.C  Oracle Workflow
38180394 R12.FND.C  (prerequisite: OCT 2020 CPU: 31643029:12.2.0)
38510732 R12.XDO.C  BI Publisher (formerly XML Publisher)

Note ECPUC.sql only lists patches that are required or recommended by a CPU patch release but does NOT list prerequisites by each patch. For example, October 2025 CPU patch 38298685 requires R12.AD.C.DELTA.15 & R12.TXK.C.DELTA.15 (or higher) and so I had first to apply below two patches in instances that had AD and TXK Delta 14:

36119925 (R12.AD.C.DELTA.16) Built: JUL-16-2024
36117775 (R12.TXK.C.DELTA.16) Built: JUL-16-2024

Run new adgrants.sql as SYSDBA using 
SQL> @/path/to/adgrants.sql <APPS schema name>
$ adop phase=apply apply_mode=downtime patches=36119925,36303698,36989014,37988551 merge=yes patchtop=/path/to/Oct2025_CPU/AD workers=16 wait_on_failed_job=yes
$ adop phase=apply apply_mode=downtime patches=36117775,36641685,37500697 merge=yes patchtop=/path/to/Oct2025_CPU/TXK workers=16 wait_on_failed_job=yes

Detailed steps in applying patches in October 2025 CPU release are almost the same as in applying January 2025 patches.

To get the list of CVEs addressed by each CPU patchset, go to https://www.oracle.com/security-alerts and then click on the individual CPU release.




Posted by at No comments:

Tuesday, November 25, 2025

ADOP and adstrtal.sh may skip reading $HOME/.profile

When user applMgr on a primary node of RHEL8 runs ADOP to apply patches to slave/remote nodes or runs adstrtal.sh in allnodes mode to start EBS services on remote nodes, it does not read applMgr's .profile on remote nodes but get some OS settings from /etc/login.defs of the server instead. That makes some custom or important behaviors, such permission on file $CONTEXT_FILE or on files in $APPLCSF/out, inconsistent in a multi-node instance.

Two ways to avoid the problem:

1. Add line(s) to custom env file
$INST_TOP/appl/admin/custom$CONTEXT_NAME.env on remote nodes, e.g.
umask 0022
echo "this is for debug"

2. Comment out line(s), such as "# UMASK   077", in /etc/login.defs to force/make ADOP and adstrtal.sh get OS env settings from applMgr's .profile on remote nodes.

Similarly software tools, such as ftp & scp, also read OS env variables from file /etc/login.defs of server level. 
Posted by at No comments:

Sunday, October 19, 2025

How to retrieve WebLogic password in R12.2

WebLogic is used as part of Oracle EBS R12.2. "weblogic" account is used to start EBS services and is used to log onto WebLogic Admin console (at hostname.domain.com:s_wls_adminport). Its password is encrypted and saved on the file system. Here are two steps I ran in my R12.2 environments to decrypt it.

1. Identify WebLogic Domain path and boot.properties file

$ echo $EBS_DOMAIN_HOME
$RUN_BASE/FMW_Home/user_projects/domains/EBS_domain
$ cd $EBS_DOMAIN_HOME/servers/AdminServer/security
$ ls 
boot.properties
$ more boot.properties
username={AES}mE0mATL4+Lv/gLcIuuuuuuuuu=
password={AES}2kGMi4fcZ7FwYXWIxxxxxxxxx=

2. Run wlst.sh to decrypt the password

$ cd $FMW_HOME/wlserver_10.3/common/bin
$ ls
commEnv.sh       config.sh  security    startDerby.sh   stopDerby.sh  upgrade.sh     wlsifconfig.sh
config_builder.sh  pack.sh    setPatchEnv.sh  startManagedWebLogic.sh  unpack.sh     wlscontrol.sh  wlst.sh
$ sh wlst.sh
CLASSPATH=/u01/app/... ......
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> domain = '$EBS_DOMAIN_HOME'   # <= replace the env variable with the real path
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print "Weblogic server password is: %s" %encryption.decrypt("{AES}2kGMi4fcZ7FwYXWIxxxxxxxxx=")
Weblogic server password is: webLogicPWD
wls:/offline> ^C

If you get Java error, most likely you entered a wrong path or a wrong encrypted password/string.

My WebLogic version is 10.3.6.0.210119. It can be found by two lines:
$ . $FMW_HOME/wlserver_10.3/server/bin/setWLSEnv.sh
... ...
Your environment has been set.
$  java weblogic.version
... ...
WebLogic Server 10.3.6.0.210119 PSU Patch for ...
... ...
If you want to change weblogic password, please read How to change weblogic password
Posted by at No comments:

Wednesday, October 15, 2025

adcgnjar gets Java memory error

After custom Java code files are copied to EBS file system, adcgnjar gets Java error.

$ which adcgnjar
$AD_TOP//bin/adcgnjar

$ adcgnjar
Copyright (c) 2002, 2012 Oracle Corporation
Redwood Shores, California, USA
AD Custom Jar Generation
Version 12.2.0
... ...
About to Generate customall.jar : Fri Sep 26 2025 11:59:42

Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
at oracle.apps.ad.jri.fwk.ZipFileResourceUnitArea.getResourceUnit(ZipFileResourceUnitArea.java:914)
at oracle.apps.ad.jri.fwk.JRIArchiveOutputUtils.scanAllResourceUnits(JRIArchiveOutputUtils.java:659)
at oracle.apps.ad.jri.fwk.JRIArchiveOutputUtils.updateJRIArchiveZip(JRIArchiveOutputUtils.java:285)
at oracle.apps.ad.jri.fwk.JRIArchiveOutputUtils.writeJRIArchive(JRIArchiveOutputUtils.java:218)
at oracle.apps.ad.jri.adjmx.mergeAndExtract(adjmx.java:1395)
at oracle.apps.ad.jri.adjmx.main(adjmx.java:592)
error:
Failed to generate customall.jar
Restoring customall.bak to customall.jar

The cause can be two reasons:
* Java application has a memory leak. There are tools like YourKit Java Profiler that help to identify such leaks.
* Java application really needs a lot of memory (more than 128 MB by default!). In this case the Java heap size can be increased using the following runtime parameters:
java -Xms<initial heap size> -Xmx<maximum heap size>

Add physical memory to server may not fix the problem. The EBS fix is an env variable, and then run adcgnjar again:
$ export JAVA_TOOL_OPTIONS="-verbose -Xmx2048M -Xms2048M"
 
The same error may occur in applying a patch by ADOP when "export" the env variable on command line does not avoid the error. The fix is to add that same line to file $APPL_TOP/admin/adovars.env (or custom env file) and then run the main env file.
Posted by at No comments:
Subscribe to: Comments (Atom)