FPUpdater Tool README

Introduction

The FPUpdater tool allows you to update installed Java Development Kit (JDK) and Java Runtime Environment (JRE) software to address the hang that occurs when parsing strings like "2.2250738585072012e-308" to a binary floating point number, as described in "Security Alert for CVE-2010-4476 Released".

System Requirements

The FPUpdater tool is recommended for the Oracle JRE releases shown in the following table:

    JRE/JDK Release            Comments
    J2SE 1.4.2                 Required for updates prior to, and including, 1.4.2_29
    J2SE 5.0                   Required for updates prior to, and including, 5.0u27
    J2SE for Embedded 5.0      Required for updates prior to, and including, 5.0u27
    Java SE 6                  Required for updates prior to, and including, 6u23
    Java SE for Embedded 6     Required for updates prior to, and including, 6u23
    Java Real-Time System 2    Required for updates prior to, and including, 2.2u1
    JRockit R27                Required for updates prior to, and including, R27.6.8
    JRockit R28                Required for updates prior to, and including, R28.1.1

An Oracle binary lists one of the following entities in the java.vendor property value.

  • BEA Systems, Inc.
  • Oracle Corporation
  • Sun Microsystems Inc

When running the FPUpdater tool against a non-Oracle binary, it reports the JRE Vendor and exits without performing the update. Please contact your JRE Vendor for support of non-Oracle JREs.

The FPUpdater tool is not intended for use on systems managed through auto-update, because running it will disable future auto-updates. We recommend that you wait until the next Critical Patch Update (CPU), when you can update your installation by going to http://java.com/latest.

Installation

Download the FPUpdater tool bundle archive into a local directory and unzip it.

Usage

The FPUpdater tool modifies the JRE/JDK software instance that is used to execute the tool. If you run more than one instance of the JRE, for example if you have an instance of the JRE inside a JDK bundle and another standalone JRE, you need to run the tool against each instance to update them.

The <JRE_HOME> value specifies the path to the JRE to be altered. You should ensure that you have sufficient privileges to modify the <JAVA_HOME>/jre/lib or <JRE_HOME>/lib directory. If you do not have sufficient privileges to modify the directory, contact your system administrator.

As a result of running the tool, the <JRE_HOME>/lib/rt.jar file is modified and the tool leaves behind the following files:

    <JRE_HOME>/lib/rt.jar.fpupdater   Copy of rt.jar before the fix.
    <JRE_HOME>/lib/.fpupdater.log       Zero-length file indicating that the update has taken place.

If either of these two files is already present, the tool will not perform the update and exits with a warning.

Run the FPUpdater tool with the following command:

      <JRE_HOME>/bin/java -jar fpupdater.jar -u -v

Options

    Option           Description
    -h, --help       Print the usage to stdout and exit. Other options are ignored if you specify this option.
    -V, --version    Show the FPUpdater tool version number and exit.
    -u, --update     Update the floating point parsing classes.
    -v, --verbose    Display detailed messages to stdout during update or test option. The name of the JRE being modified is displayed.
    -t, --test       Run verification tests only and exit. If the JRE has already been updated or the tool encounters any other problems, the verification test reports the error(s) and fails.

Note that the -u and -t options should be run as separate commands.

Error Handling

Prior to updating the necessary files, the FPUpdater tool will make a best effort to ensure that it's running in an environment where it has sufficient access privileges and disk space to perform the update successfully. Any issues encountered with such checks will be flagged to the user and the update operation will be aborted.

If the FPUpdater tool update operation is interrupted for any reason, the rollback procedure should be followed before reattempting any patching or test verification via the -t option.

General Information

Shut Down JRE Instances Prior to Update
Prior to running the FPUpdater tool, you should stop all the software running on the JRE instance. Cached instances of the files to be updated may exist in running JRE software processes if you do not shut down the JRE software before running the FPUpdater tool. Restart the JRE software and/or associated applications after the FPUpdater tool has completed its work.

Forcing a Patch
To force a patch to a JRE/JDK that has been patched, follow the rollback procedure and run the FPUpdater tool in update mode.

Early Access Releases
By design, the tool does not update a JRE that does not require updating, such as a revision later than those listed in the System Requirements table. If you are running an early access (or -ea) version of a later JRE (for example, 1.5.0_29-ea) the required update may not be in place, but the tool may incorrectly assume that the update is not required. The final version of these releases will contain the fix.

Updating a Patched JRE/JDK
Updating a patched JRE/JDK to a version earlier than those listed in the System Requirements table, for example updating from a patched 6u21 to 6u22, will undo the patch. In this event, run the tool against the updated JRE/JDK, after removing the two files left by the previous installation:

    % rm <JRE_HOME>/lib/rt.jar.fpupdater
    % rm <JRE_HOME>/lib/.fpupdater.log

When updating to any version released after the Feb 15th, 2011 Critical Patch Update (CPU), the fix is already included in the updated JRE/JDK.

Installing a JRE/JDK to a Previously Patched Directory
If you install a JRE/JDK to a directory that was previously patched via the FPUpdater tool, you should ensure that the two backup files referred to in the rollback procedure (rt.jar.fpupdater and .fpupdater.log) are first removed, as shown in the preceding paragraph. Installing a JRE/JDK will undo the patch that may have been performed previously by the FPUpdater tool for that JRE/JDK installation.

System-Specific Information

FPUpdater is a Java tool that does not address platform-specific software management issues. For example, on a Windows system, this means that the additional and backup files created by the tool will not be removed during an uninstall. To uninstall a patched JRE/JDK, you should ensure that the additional backup files (rt.jar.fpupdater and .fpupdater.log) are first removed so the uninstaller can perform correctly.

Windows

On Windows based systems, patching the system may take several minutes.

If Auto-Update is run on a JRE to which FPUpdater has been applied, the installation of that update will fail. The download will take place as normal, and then the user will see a series of error messages:

  1. Warning: lib/rt.jar: Old File not found. However, a file of the same name was found. No update done since file contents do not match.
  2. Error: Java(TM) Update fails to apply changes to your system.
  3. Java Setup: Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.
  4. Java Setup: Installation Failed


To resolve this, the Offline installer should be downloaded and installed. If a release prior to 6u24 is installed, the FPUpdater tool will need to be run again to patch the newly installed JRE.

Windows 1.4.2 JRE/JDK Update Issue
Windows may throw an exception once the Java libraries are updated. You can ignore this message as the error occurs after the update has been completed. You can confirm that the update was successful by running the verification test included in the FPUpdater tool.

Windows UAC
The FPUpdater tool requires administrative permissions. On Windows Vista or Windows Server 2003 or higher, the UAC (User Account Control) feature may prevent the FPUpdater tool from writing to the file system. The UAC feature should be temporarily disabled, and the command prompt should be run in Administrator mode.

To disable UAC, open the Control Panel and type “UAC” into the search box. You’ll see a link for “Turn User Account Control (UAC) on or off” or “Change User Account Control settings”. Depending on the Windows version, remove the check in the check box or drag the slider down, then select “OK”. Re-enable UAC once you have run the FPUpdater tool.

To run cmd in Administrator mode, type cmd in the run box. Rather than pressing the Enter key, use Ctrl+Shift+Enter. You may be prompted with a UAC dialog; click Yes. The command prompt opens in Administrator mode.

Windows Uninstaller
Before attempting to remove a JRE/JDK that fpupdater has been applied to, first remove the .fpupdater.log and rt.jar.fpupdater files. Failing to remove these files might cause the installer to stop with the following error:

 directory $JAVA_DIR/jre/lib/ is not removed because fpupdater files 
 are still there.
  .fpupdater.log
  rt.jar.fpupdater

 

Solaris

Restrictive umask settings on Solaris
The FPUpdater tool creates files with default file permissions. On the Solaris operating system, these are taken from the umask. A default umask of 022 should be used when running the FPUpdater tool. A more restrictive umask, such as 077, causes the tool to create files that are unreadable by other users. To solve this problem, manually change the file permissions after the installation.

Virtualized Systems

Virtualized environments might experience additional delays when updating.

 

Rolling Back FPUpdater Tool Changes

You must manually undo the changes. For example, on UNIX, first shut down all applications using the JRE/JDK in question and run the following commands:

    $ cd <JRE_HOME>/lib
    $ mv rt.jar.fpupdater rt.jar

If the .fpupdater.log file is present, remove it:

    $ rm .fpupdater.log

 

These steps revert the JRE to the rt.jar file used prior to running the tool.
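
The two files described under Usage, and the permission problem described under Solaris, can be checked across several installations before patching, rolling back, or uninstalling. The script below is an added example, not part of the FPUpdater bundle: the function names and the state labels (applied, partial, clean, no-rt-jar) are its own, and treating a lone leftover file as an interrupted run is an assumption.

```shell
#!/bin/sh
# Added example: audit JRE/JDK directories for FPUpdater artifacts.
# Function names and state labels are this example's own, not tool output.

# A JDK keeps rt.jar in <JAVA_HOME>/jre/lib, a standalone JRE in <JRE_HOME>/lib.
fp_lib_dir() {
    if [ -d "$1/jre/lib" ]; then
        printf '%s\n' "$1/jre/lib"
    else
        printf '%s\n' "$1/lib"
    fi
}

# applied   = rt.jar plus both artifacts (backup and zero-length marker)
# partial   = only some of them (assumed: interrupted run, roll back first)
# clean     = no artifacts; says nothing about whether the release has the fix
# no-rt-jar = not a JRE lib directory
fp_state() {
    lib=$(fp_lib_dir "$1")
    backup="$lib/rt.jar.fpupdater"
    marker="$lib/.fpupdater.log"
    if [ -f "$lib/rt.jar" ] && [ -f "$backup" ] && [ -f "$marker" ]; then
        echo applied
    elif [ -f "$backup" ] || [ -f "$marker" ]; then
        echo partial
    elif [ -f "$lib/rt.jar" ]; then
        echo clean
    else
        echo no-rt-jar
    fi
}

# Succeeds only if rt.jar has the "other" read bit (lost under umask 077).
fp_rt_jar_world_readable() {
    lib=$(fp_lib_dir "$1")
    [ -n "$(find "$lib/rt.jar" -prune -perm -004 2>/dev/null)" ]
}

# Usage: sh fp_audit.sh <JRE_HOME> [<JRE_HOME> ...]
for home in "$@"; do
    if fp_rt_jar_world_readable "$home"; then perms=yes; else perms=no; fi
    printf '%s\t%s\tother-readable=%s\n' "$home" "$(fp_state "$home")" "$perms"
done
```

A "clean" result on a release listed in the System Requirements table means the tool has not been run there; the -t option remains the way to verify the fix itself.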