The FPUpdater tool allows you to update installed Java Development Kit (JDK) and Java Runtime Environment (JRE) software to address the hang that occurs when parsing strings like "2.2250738585072012e-308" to a binary floating point number, as described in Security Alert for CVE-2010-4476 Released.
The FPUpdater tool is recommended for the Oracle JRE releases shown in the following table:
|J2SE 1.4.2||Required for updates prior to, and including, 1.4.2_29|
|J2SE 5.0||Required for updates prior to, and including, 5.0u27|
|J2SE for Embedded 5.0||Required for updates prior to, and including, 5.0u27|
|Java SE 6||Required for updates prior to, and including, 6u23|
|Java SE for Embedded 6||Required for updates prior to, and including, 6u23|
|Java Real-Time System 2||Required for updates prior to, and including, 2.2u1|
|JRockit R27||Required for updates prior to, and including, R27.6.8|
|JRockit R28||Required for updates prior to, and including, R28.1.1|
An Oracle binary lists one of the following entities in the
java.vendor property value.
When running the FPUpdater tool against a non-Oracle binary, it reports the JRE Vendor and exits without performing the update. Please contact your JRE Vendor for support of non-Oracle JREs.
The FPUpdater tool is not intended for use on systems managed through auto-update as this will disable future auto-updates. We recommend that you wait until the next Critical Patch Update (CPU) when you can update your installation by going to http://java.com/latest.
Download the FPUpdater tool bundle archive into a local directory and unzip it.
The FPUpdater tool modifies the JRE/JDK software instance that is used to execute the tool. If you run more than one instance of the JRE, for example if you have an instance of the JRE inside a JDK bundle and another standalone JRE, you need to run the tool against each instance to update them.
<JRE_HOME> value specifies the path to the JRE to be altered. You should ensure that you have sufficient privileges to modify the
<JRE_HOME>/lib directory. If you do not have sufficient privileges to modify the directory, contact your system administrator.
As a result of running the tool, the
<JRE_HOME>/lib/rt.jar file is modified and the tool leaves behind the following files:
<JRE_HOME>/lib/rt.jar.fpupdater Copy of
rt.jar before the fix.
<JRE_HOME>/lib/.fpupdater.log Zero-length file indicating that the update has taken place.
If either of these two files are already present, the tool will not perform the update and exits with a warning.
fpupdater tool with the following command.
<JRE_HOME>/bin/java -jar fpupdater.jar -u -v
||Print the usage to
||Show the FPUpdater tool version number and exit.|
||Update the floating point parsing classes.|
||Display detailed messages to
||Run verification tests only and exit. If the JRE has already been updated or the tool encounters any other problems, the verification test reports the error(s) and fails.|
-t options should be run as separate commands.
Prior to updating the necessary files, the FPUpdater tool will make a best effort to ensure that it's running in an environment where it has sufficient access privileges and disk space to perform the update successfully. Any issues encountered with such checks will be flagged to the user and the update operation will be aborted.
If the FPUpdater tool update operation is interrupted for any reason, the rollback procedure should be followed before reattempting any patching or test verification via the
Shut Down JRE Instances Prior to Update
Prior to running the FPUpdater tool, you should stop all the software running on the JRE instance. Cached instances of the files to be updated may exist in running JRE software processes if you do not shut down the JRE software before running the FPUpdater tool. Restart the JRE software and/or associated applications after the FPUpdater tool has completed its work.
Forcing a Patch
To force a patch to a JRE/JDK that has been patched, follow the rollback procedure and run the FPUpdator tool in update mode.
Early Access Releases
By design, the tool does not update a JRE that does not require updating, such as a revision later than those listed in the System Requirements table. If you are running an early access (or
-ea) version of a later JRE (for example, 1.5.0_29-ea) the required update may not be in place, but the tool may incorrectly assume that the update is not required. The final version of these releases will contain the fix.
Updating a Patched JRE/JDK
Updating a patched JRE/JDK to a version earlier than those listed in the System Requirements table, for example updating from a patched 6u21 to 6u22, will undo the patch. In this event, run the tool against the updated JRE/JDK, after removing the two files left by the previous installation:% rm <JRE_HOME>/lib/rt.jar.fpupdater % rm <JRE_HOME>/lib/.fpupdater.log
When updating to any version released after the Feb 15th, 2011 Critical Patch Update (CPU), the fix is already included in the updated JRE/JDK.
Installing a JRE/JDK to a Previously Patched Directory
If you install a JRE/JDK to a directory that was previously patched via the FPUpater tool, you should ensure that the two backup files referred to in the rollback procedure (
.fpupdater.log) are first removed, as shown in the preceding paragraph. Installing a JRE/JDK will undo the patch that may have been performed previously by the FPUpdater tool for that JRE/JDK installation.
FPUpdater is a Java tool that does not address platform-specific software management issues. For example, on a Windows system, this means that the additional and backup files created by the tool will not be removed during an uninstall. To uninstall a patched JRE/JDK, you should ensure that the additional backup files (
.fpupdater.log) are first removed so the uninstaller can perform correctly.
On Windows based systems, patching the system may take several minutes.
If Auto-Update is run on a JRE on which FPUpdater, has been applied, the installation of that update will fail. The download will take place as normal. Then the user will see a series of error messages.
- Warning: lib/rt.jar: Old File not found. However, a file of the same name was found. No update done since file contents do not match.
- Error: Java(TM) Update fails to apply changes to your system.
- Java Setup: Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.
- Java Setup: Installation Failed
To resolve this, the Offline installer should be downloaded and installed. If a release prior to 6u24 is installed, the FPUpdater tool will need to be run again to patch the newly installed JRE.
Windows 1.4.2 JRE/JDK Update Issue
Windows may throw an exception once the Java libraries are updated. You can ignore this message as the error occurs after the update has been completed. You can confirm that the update was successful by running the verification test included in the FPUpdater tool.
The FPUpdater tool requires administrative permissions. On Windows Vista or Windows Server 2003 or higher, the UAC (User Account Control) feature may prevent the FPUpdater tool from writing to the file system. The UAC feature should be temporarily disabled, and the command prompt should be run in Administrator mode. To disable UAC, open the Control Panel, and type in “UAC” into the search box. You’ll see a link for “Turn User Account Control (UAC) on or off” or “Change User Account Control settings”. Depending on the Windows version, remove the check in the check box or drag the slider down, then select “OK”. Enable UAC once you have run the FPUpdater tool. To run cmd in Administrator mode, in the run box type cmd. Rather than pressing the Enter key, use Ctrl+Shift+Enter. You may be prompted with a UAC dialog, click on Yes. The command prompt opens in Administrator mode.
Before attempting to remove a JRE/JDK that
fpupdaterhas been applied to, first remove the
rt.jar.fpupdaterfiles. Failing to remove these files might cause the installer to stop with the following error:directory $JAVA_DIR/jre/lib/ is not removed because fpupdater files are still there. .fpupdater.log rt.jar.fpupdater
Restrictive umask settings on Solaris
The FPUpdater tool creates files with default file permissions. On the Solaris operating system, this is taken from the
umask. A default
022should be used when running the FPUdpater tool. A more restrictive
umask, such as
077, causes the tool to create files that are unreadable by other users. To solve this problem, manually change the file permissions after the installation.
Virtualized SystemsVirtualized environments might experience additional delays when updating.
You must manually undo the changes. For example, on UNIX, first shutdown all apps using the JRE/JDK in question and perform the following commands:
$ cd <JRE_HOME>/lib $ mv rt.jar.fpupdater rt.jar
.fpupdater.log file is present, remove it:
$ rm .fpupdater.log
These steps revert the JRE to the
rt.jar file used prior to running the tool.