English

ArcSDE 9.1 Reconcile and Post Patch

Summary

Custom reconcile and post applications written using ArcObjects are vulnerable to a defect that can create duplicate rows within a versioned table when a second session attempts to reconcile against the same version before the first process has exited (committed). This defect has been identified as being responsible for incidents where customers have experienced problems in opening geometric networks. The Patch also prevents the ArcSDE service from being affected by malicious connection packets.

Description


Issues Addressed with this Patch


    NIM007147 - Using custom ArcObjects to reconcile/post within an edit operation may cause data inconsistencies.

      Description

      Applications that start an Edit Operation, perform a Reconcile and then call Post or Stop Editing without explicitly stopping the Edit Operation are vulnerable to this defect. An example is when the version being reconciled transfers data to the result state, the changes are not committed to the database and a following post operation which relabels the source and target versions to reference the result state is committed. If another session reconciles against the same version during the time window when the data changes have not been committed, the transactional inconsistency can lead to duplicate rows.

      {Applications that stop any pending Edit Operations and call Reconcile and Post outside of an edit operation are not vulnerable to this defect. Applications that call Reconcile within an Edit Operation but explicitly stop the Edit Operation before calling Reconcile are not vulnerable to this defect.}

      The problem is specific to ArcGIS and ArcSDE 9.0, 9.1 with Oracle and has been addressed in ArcGIS 9.2.

      This issue can not be encountered when using the out-of-the-box ArcGIS tools.

    NIM007075 - The giomgr can be crashed by sending extra characters in the connectiion string.

      Description

      A security issue has been identified where it is theoretically possible for someone to create a connection packet that could cause the ArcSDE server to crash when using three tiered ArcSDE configurations (i.e., app server). Sending a maliciously-crafted connection packet to an ArcSDE service can crash the service. This will not happen under normal use of the software and we are unaware of any occasion when anyone has created one of these malicious packets. Therefore ESRI considers the risk of an attack to be very low. As a precaution ESRI has developed this patch to ArcSDE that will remove the ability for someone to create a malicious packet that could cause the system to crash and thereby secures the ArcSDE service against such an attack.

Installing the Patch

ArcSDE 9.1 General Update Patch 3 must be installed before you can install this Patch. It is strongly recommended that you back up your database including all previous ArcSDE system tables and user layer data before upgrading your ArcSDE installation. Install this Patch using your SDE user account.

REQUIRED INSTALL STEP: If you connect to ArcSDE 9.1 via an Application Server and Direct Connect connections using ArcGIS 9.1, ArcIMS 9.1, or ArcView GIS 3.3 with DBA 2.1g make sure you also see ESRI Products connecting to ArcSDE (Application and Direct Connect connections).

Server Install for UNIX

During installation, you can either save the original 9.1 files or overwrite them. If you choose to save them, make sure you have enough disk space. The disk space requirements, for each platform, are displayed during the installation process.

  1. Download the appropriate tar file to a location other than $SDEHOME:
  2. Oracle 8i  
    HP (coming soon)
    16 MB
    IBM sde91-reconcile-ora8i-ibm.tar
    10 MB
    Solaris sde91-reconcile-ora8i-slrs.tar
    10 MB
    Tru64 (coming soon)
    15 MB
       
    Oracle 9i  
    HP64 sde91-reconcile-ora9i-hp64.tar
    11 MB
    IBM64 sde91-reconcile-ora9i-ibm64.tar
    9 MB
    Linux sde91-reconcile-ora9i-lx.tar
    8 MB
    Solaris sde91-reconcile-ora9i-slrs.tar
    10 MB
    Solaris64 sde91-reconcile-ora9i-slrs64.tar
    11 MB
    Tru64 sde91-reconcile-ora9i-tru64.tar
    15 MB
       
    Oracle 10g  
    HP64 sde91-reconcile-ora10g-hp64.tar
    11 MB
    IBM64 sde91-reconcile-ora10g-ibm64.tar
    9 MB
    Linux sde91-reconcile-ora10g-lx.tar
    8 MB
    Solaris64 sde91-reconcile-ora10g-slrs64.tar
    11 MB

  3. Stop your current ArcSDE service.


  4. % sdemon -o shutdown

    NOTE (AIX only): You must remove any inactive libraries that are loaded into memory before proceeding to the next step. Not doing so will result in an installation error. To remove them, as ROOT user, type:

    # /usr/sbin/slibclean

    (Optional) To list the libraries loaded into memory, as ROOT user, type:

    # /usr/sbin/genkld

    For further information on the slibclean and genkld commands please refer to your AIX system administrator documentation.

  5. Extract the specified tar file by typing:


  6. % tar -xvf sde91-reconcile-<Database>-<Platform>.tar

  7. Start the installation by typing:


  8. % ./applypatch

    This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

  9. (Oracle only) Before upgrading your Oracle instance, you must grant the following additional permissions to the SDE user in Oracle:


  10. ALTER ANY INDEX
    ALTER ANY TABLE
    ANALYZE ANY
    CREATE ANY INDEX
    CREATE ANY PROCEDURE
    CREATE ANY SEQUENCE
    CREATE ANY TRIGGER
    CREATE ANY VIEW
    CREATE SESSION
    DROP ANY INDEX
    DROP ANY TABLE
    DROP ANY VIEW
    DROP ANY PROCEDURE
    DROP ANY SEQUENCE
    EXECUTE ANY PROCEDURE
    SELECT ANY SEQUENCE
    SELECT ANY TABLE
    UNLIMITED TABLESPACE

    After the upgrade completes, you may revoke the following permissions from the SDE user account:

    ALTER ANY INDEX
    ALTER ANY TABLE
    ANALYZE ANY
    CREATE ANY INDEX
    CREATE ANY TRIGGER
    CREATE ANY VIEW
    DROP ANY INDEX
    DROP ANY TABLE
    DROP ANY VIEW
    DROP ANY PROCEDURE
    DROP ANY SEQUENCE
    EXECUTE ANY PROCEDURE
    SELECT ANY SEQUENCE

  11. To upgrade, run sdesetup<dbms>. Failure to do so may cause problems in starting the service or with connecting to the service. Using Oracle 9i as an example:


  12. % sdesetupora9i -o upgrade –u sde –p sdepassword

  13. Start your service again.


  14. % sdemon -o start

Server Install for Windows


Installation Steps


  1. Make sure you have write access to the ArcSDE installation folder, that no one is using ArcSDE, and that the ArcSDE service is down.


  2. Download the appropriate files to a location other than the ArcSDE installation folder:
  3. Oracle 8i  
    (coming soon) 2 MB
    Oracle 9i  
    sde91-reconcile-ora9i-win.exe 2 MB
    Oracle 10g  
    sde91-reconcile-ora10g-win.exe 2 MB

  4. Double-click the appropriate executable to start the install process.


  5. When Setup starts, follow the instructions on your screen.


  6. (Oracle only) Before upgrading your Oracle instance, you must grant the following additional permissions to the SDE user in Oracle:
  7. ALTER ANY INDEX
    ALTER ANY TABLE
    ANALYZE ANY
    CREATE ANY INDEX
    CREATE ANY PROCEDURE
    CREATE ANY SEQUENCE
    CREATE ANY TRIGGER
    CREATE ANY VIEW
    CREATE SESSION
    DROP ANY INDEX
    DROP ANY TABLE
    DROP ANY VIEW
    DROP ANY PROCEDURE
    DROP ANY SEQUENCE
    EXECUTE ANY PROCEDURE
    SELECT ANY SEQUENCE
    SELECT ANY TABLE
    UNLIMITED TABLESPACE

    After the upgrade completes, you may revoke the following permissions from the SDE user account:

    ALTER ANY INDEX
    ALTER ANY TABLE
    ANALYZE ANY
    CREATE ANY INDEX
    CREATE ANY TRIGGER
    CREATE ANY VIEW
    DROP ANY INDEX
    DROP ANY TABLE
    DROP ANY VIEW
    DROP ANY PROCEDURE
    DROP ANY SEQUENCE
    EXECUTE ANY PROCEDURE
    SELECT ANY SEQUENCE

  8. To upgrade, run sdesetup<dbms>. Failure to do so may cause problems in starting the service or with connecting to the service. Using Oracle 9i as an example:

    sdesetupora9i -o upgrade

  9. As the SDE user, run the following command to restart the ArcSDE service:

    sdemon -o start

ArcSDE SDK Install for UNIX


  1. Download the appropriate tar file to a location other than ArcSDE SDK installation location:
  2. All Databases (32 bit Operating System)  
    HP sde91-reconcile-sdk-hp.tar
    7 MB
    IBM sde91-reconcile-sdk-ibm.tar
    3 MB
    Linux sde91-reconcile-sdk-lx.tar
    4 MB
    Solaris sde91-reconcile-sdk-slrs.tar
    4 MB
       
    All Databases (64 bit Operating System)  
    HP64 sde91-reconcile-sdk-hp64.tar
    5 MB
    IBM64 sde91-reconcile-sdk-ibm64.tar
    5 MB
    Solaris64 sde91-reconcile-sdk-slrs64.tar
    4 MB
    Tru64 sde91-reconcile-sdk-tru64.tar
    10 MB

  3. Extract the specified tar file by typing:


  4. % tar -xvf sde91-reconcile-sdk-<Platform>.tar

  5. Start the installation by typing:


  6. % ./applypatch

    This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

ArcSDE SDK Install for Windows


  1. Make sure you have write access to the ArcSDE SDK installation folder:.


  2. Download the appropriate files to a location other than the ArcSDE SDK installation folder:
  3. ArcSDE SDK sde91-reconcile-sdk-win.exe 4 MB

  4. Double-click the appropriate executable to start the install process.


  5. When Setup starts, follow the instructions on your screen.

ESRI Products connecting to ArcSDE (Application and Direct Connect connections).

    UNIX

    • If you connect to ArcSDE 9.1 using ArcGIS 9.1 Workstation or ArcIMS 9.1 on any supported Unix/Linux platform please follow the steps below to install this Patch to your ArcGIS 9.1 or ArcIMS 9.1 software installation directory. This also applies if connecting to ArcSDE 9.1 using ArcGIS Server, ArcGIS Engine, and ArcGIS Reader for Sun Solaris and Linux:

      • Before you start, make sure you have write access to the installation directory then download the appropriate compressed tar file to that location:

        HP sde91-reconcile-esri-hp.tar.Z
        7 MB
        IBM sde91-reconcile-esri-ibm.tar.Z
        3 MB
        Linux sde91-reconcile-esri-lx.tar.Z
        3 MB
        Solaris sde91-reconcile-esri-slrs.tar.Z
        4 MB
        Tru64 sde91-reconcile-esri-tru64.tar.Z
        10 MB

      • ArcIMS only, stop the ArcIMS Tasker, ArcIMS Monitor, ArcIMS Application Server (in that order).

      • Uncompress and extract the specified tar file for your platform. Ensure that the last letter of the file name is a capital Z. Otherwise, the uncompress command will not work. At the UNIX prompt type:

        %cd <installation_directory> (i.e. cd $ARCHOME)

        • <Workstation Installation Directory>/lib
        • <ArcIMS Installation Directory>/lib
        • <ArcGIS Server Installation Directory>/bin
        • <ArcGIS Engine Installation Directory>/bin
        • <ArcGIS Reader Installation Directory>/bin
        %uncompress sde91-reconcile-esri-<Platform>.tar.Z
        %tar xvf sde91-reconcile-esri-<Platform>.tar


      • ArcIMS only, restart ArcIMS Application Server, ArcIMS Monitor and ArcIMS Tasker (in that order).


    Windows

    • If you connect to ArcSDE 9.1 using ArcGIS 9.1, ArcIMS 9.1, ArcInfo Workstation 9.1, or ArcView GIS 3.3 with DBA 2.1g, please follow the steps below to install this Patch to your ArcGIS 9.1, ArcIMS 9.1, ArcInfo Workstation 9.1, or ArcView GIS 3.3 with DBA 2.1g installation folder:

    • Before you start, make sure you have write access to the installation folder, then download the zip file to that location:

      sde91-reconcile-esri-win.zip 4 MB

    • ArcIMS only, stop the ArcIMS Tasker, ArcIMS Monitor, ArcIMS Application Server (in that order).

    • Use WinZip to extract the new file from sde91-reconcile-esri-win.zip to the appropriate installation folder, see list below:

      • ArcGIS Desktop, Server, Engine, Reader, or ArcView 9 - <installation-folder>\arcgis\bin
      • ArcGIS Workstation - <installation-folder>\arcexe9x\bin
      • ArcView GIS - <installation-folder>\av_gis30\arcview\(bin32 & DCONNECT\LIB)
      • Depending on the ArcIMS Setup features installed, the SDE client file could be located in one or more of the following locations:
        • C:\Program Files\ArcGIS\bin
        • C:\Program Files\ArcGIS\ArcIMS\IndexBuilder
        • C:\Program Files\ArcGIS\ArcIMS\Metadata\Commands
        • C:\Program Files\ArcGIS\ArcIMS\Server\bin

    • ArcIMS only, restart ArcIMS Application Server, ArcIMS Monitor and ArcIMS Tasker (in that order).

How to identify which Patch is installed


    UNIX

    To find out what ArcGIS products are currently installed on your machine, download and extract the PatchFinder.tar and run PatchFinder utility from your local machine. This utility provides a report detailing which ArcGIS products and which service packs have been installed. The PatchFinder utility searches for the following ArcGIS products.


      ArcGIS Engine Runtime
      ArcGIS Reader
      ArcGIS Server
      ArcIMS
      ArcInfo Workstation
      ArcSDE

    Extract the tar file by typing:


    % tar xvf PatchFinder.tar

    Run the utility by typing:


    % ./PatchFinder

    Windows

    To check for the presence of a Patch, for each file examine the unique identification information provided (right click, properties, version tab, item name, QFE Version). With only a few exceptions, all files modified as part of a Patch distribution can be uniquely identified in this manner. The identification string for this Patch should read:

      QFE-SDE-91-CQ00304002

Patch Updates

Check the Online Support Center periodically for the availability of additional Patches or Service Packs. New information about this Patch will be posted here.

    UPDATE 4/6/2007 - Now Available:

    • The ArcSDE Oracle9i download for Linux.

    UPDATE 4/5/2007 - Now Available:

    • The ArcSDE Oracle9i downloads for HP and Tru64.
    • The ArcSDE Oracle10g downloads for HP64 and Linux.
    • The ArcSDE SDK downloads for HP, HP64, Linux and Tru64.
    • The ArcSDE ESRI Products downloads for HP, Linux and Tru64.

    UPDATE 4/3/2007 - Now Available:

    • The ArcSDE Oracle9i download for Windows.
    • The ArcSDE Oracle10g download for Windows.
    • The ArcSDE SDK and ESRI Products downloads for Windows.

Getting Help

Domestic sites, please contact ESRI Technical Support at 1-888-377-4575, if you have any difficulty installing this Patch. International sites, please contact your local ESRI software distributor.