A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually being called bugfixes or bug fixes. Patches are often written to improve the functionality, usability, or performance of a program. The majority of patches are provided by software vendors for operating system and application updates.
Patches may be installed either under programmed control or by a human programmer using an editing tool or a debugger. They may be applied to program files on a storage device, or in computer memory. Patches may be permanent (until patched again) or temporary.
Patching makes possible the modification of compiled and machine language object programs when the source code is unavailable. This demands a thorough understanding of the inner workings of the object code by the person creating the patch, which is difficult without close study of the source code. Someone unfamiliar with the program being patched may install a patch using a patch utility created by another person who is the Admin. Even when the source code is available, patching makes possible the installation of small changes to the object program without the need to recompile or reassemble. For minor changes to software, it is often easier and more economical to distribute patches to users rather than redistributing a newly recompiled or reassembled program.
Although meant to fix problems, poorly designed patches can sometimes introduce new problems (see software regressions). In some special cases updates may knowingly break the functionality or disable a device, for instance, by removing components for which the update provider is no longer licensed.
Patch management is a part of lifecycle management, and is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
Types
Binary patches
Patches for proprietary software are typically distributed as executable files instead of source code. When executed these files load a program into memory which manages the installation of the patch code into the target program(s) on disk.
Patches for other software are typically distributed as data files containing the patch code. These are read by a patch utility program which performs the installation. This utility modifies the target program's executable file—the program's machine code—typically by overwriting its bytes with bytes representing the new patch code. If the new code will fit in the space (number of bytes) occupied by the old code, it may be put in place by overwriting directly over the old code. This is called an inline patch. If the new code is bigger than the old code, the patch utility will append load record(s) containing the new code to the object file of the target program being patched. When the patched program is run, execution is directed to the new code with branch instructions (jumps or calls) patched over the place in the old code where the new code is needed. On early 8-bit microcomputers, for example the Radio Shack TRS-80, the operating system includes a PATCH/CMD utility which accepts patch data from a text file and applies the fixes to the target program's executable binary file(s).
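The inline case described above can be sketched as a small patch utility. This is an added example, not code from the original article or from any real patch tool: the text record format (`OFFSET: OLD_HEX -> NEW_HEX`), the function names and the 0x90 filler byte are assumptions made for illustration. It refuses to write unless the target's bytes match what the patch author expected, and rejects any record whose new code does not fit in the space of the old code.

```python
import hashlib
from dataclasses import dataclass

FILLER = 0x90  # assumption: x86 one-byte NOP used to pad a shorter replacement


class PatchError(Exception):
    """Raised when a record cannot be applied safely."""


@dataclass(frozen=True)
class PatchRecord:
    offset: int  # position in the target file
    old: bytes   # bytes the patch author expects to find there
    new: bytes   # replacement bytes


def parse_patch_text(text):
    """Parse 'OFFSET: OLD_HEX -> NEW_HEX' lines (hypothetical format)."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        try:
            offset, rest = line.split(":", 1)
            old_hex, new_hex = rest.split("->", 1)
            records.append(PatchRecord(int(offset.strip(), 16),
                                       bytes.fromhex(old_hex.strip()),
                                       bytes.fromhex(new_hex.strip())))
        except ValueError as exc:
            raise PatchError(f"line {lineno}: malformed record") from exc
    return records


def apply_inline(image, records, expected_sha256=None):
    """Return a patched copy of image, or raise PatchError and change nothing."""
    if expected_sha256 and hashlib.sha256(image).hexdigest() != expected_sha256:
        raise PatchError("target is not the build this patch was made for")
    out = bytearray(image)
    claimed = []  # (start, end) ranges already patched
    for rec in records:
        end = rec.offset + len(rec.old)
        if rec.offset < 0 or end > len(image):
            raise PatchError(f"{rec.offset:#x}: record runs past end of file")
        if len(rec.new) > len(rec.old):
            # The non-inline case: would need appended code plus a branch.
            raise PatchError(f"{rec.offset:#x}: new code does not fit inline")
        if image[rec.offset:end] != rec.old:
            raise PatchError(f"{rec.offset:#x}: bytes in target differ from expected")
        if any(rec.offset < e and s < end for s, e in claimed):
            raise PatchError(f"{rec.offset:#x}: overlaps an earlier record")
        claimed.append((rec.offset, end))
        pad = bytes([FILLER]) * (len(rec.old) - len(rec.new))
        out[rec.offset:end] = rec.new + pad
    return bytes(out)


# Constructed sample data: a 12-byte stand-in for a program file and a patch.
SAMPLE_IMAGE = bytes.fromhex("000102030405060708090a0b")
SAMPLE_PATCH = """
# offset: old bytes -> new bytes
0004: 04 05 06 07 -> aa bb
"""

if __name__ == "__main__":
    patched = apply_inline(SAMPLE_IMAGE, parse_patch_text(SAMPLE_PATCH),
                           hashlib.sha256(SAMPLE_IMAGE).hexdigest())
    print(patched.hex())
    try:
        apply_inline(patched, parse_patch_text(SAMPLE_PATCH))  # second run
    except PatchError as err:
        print("refused:", err)
```

Checking the old bytes before writing is what makes a second run, or a run against the wrong build, fail cleanly instead of corrupting the file.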
The patch code must have place(s) in memory to be executed at runtime. Inline patches are no difficulty, but when additional memory space is needed the programmer must improvise. Naturally if the patch programmer is the one who first created the code to be patched, this is easier. Savvy programmers plan in advance for this need by reserving memory for later expansion, left unused when producing their final iteration. Other programmers not involved with the original implementation, seeking to incorporate changes at a later time, must find or make space for any additional bytes needed. The most fortunate possible circumstance for this is when the routine to be patched is a distinct module. In this case the patch programmer need merely adjust the pointers or length indicators that signal to other system components the space occupied by the module; he is then free to populate this memory space with his expanded patch code. If the routine to be patched does not exist as a distinct memory module, the programmer must find ways to shrink the routine to make enough room for the expanded patch code. Typical tactics include shortening code by finding more efficient sequences of instructions (or by redesigning with more efficient algorithms), compacting message strings and other data areas, externalizing program functions to mass storage (such as disk overlays), or removal of program features deemed less important than the changes to be installed with the patch.
Small in-memory machine code patches can be manually applied with the system debug utility, such as CP/M's DDT or MS-DOS's DEBUG debuggers. Programmers working in interpreted BASIC often used the POKE command to alter the functionality of a system service routine or the interpreter itself.
Source code patches
Patches can also circulate in the form of source code modifications. In this case, the patches usually consist of textual differences between two source code files, called "diffs". These types of patches commonly come out of open-source software projects. In these cases, developers expect users to compile the new or changed files themselves.
Large patches
Because the word "patch" carries the connotation of a small fix, large fixes may use different nomenclature. Bulky patches or patches that significantly change a program may circulate as "service packs" or as "software updates".
Microsoft Windows NT and its successors (including Windows 2000, Windows XP, Windows Vista and Windows 7) use the "service pack" terminology. Historically, IBM used the terms "FixPaks" and "Corrective Service Diskette" to refer to these updates.
History
Historically, software suppliers distributed patches on paper tape or on punched cards, expecting the recipient to cut out the indicated part of the original tape (or deck), and patch in (hence the name) the replacement segment. Later patch distributions used magnetic tape. Then, after the invention of removable disk drives, patches came from the software developer via a disk or, later, CD-ROM via mail. With widely available Internet access, downloading patches from the developer's web site or through automated software updates became often available to the end-users. Starting with Apple's Mac OS 9 and Microsoft's Windows ME, PC operating systems gained the ability to get automatic software updates via the Internet.
Computer programs can often coordinate patches to update a target program. Automation simplifies the end-user's task: they need only to execute an update program, whereupon that program makes sure that updating the target takes place completely and correctly. Service packs for Microsoft Windows NT and its successors and for many commercial software products adopt such automated strategies.
Some programs can update themselves via the Internet with very little or no intervention on the part of users. The maintenance of server software and of operating systems often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.
Application
The size of patches may vary from a few bytes to hundreds of megabytes; thus, more significant changes imply a larger size, though this also depends on whether the patch includes entire files or only the changed portion(s) of files. In particular, patches can become quite large when the changes add or replace non-program data, such as graphics and sound files. Such situations commonly occur in the patching of computer games. Compared with the initial installation of software, patches usually do not take long to apply.
In the case of operating systems and computer server software, patches have the particularly important role of fixing security holes. Some critical patches involve issues with drivers. Patches may require prior application of other patches, or may require prior or concurrent updates of several independent software components. To facilitate updates, operating systems often provide automatic or semi-automatic updating facilities. Completely automatic updates have not succeeded in gaining widespread popularity in corporate computing environments, partly because of the aforementioned glitches, but also because administrators fear that software companies may gain unlimited control over their computers. Package management systems can offer various degrees of patch automation.
Usage of completely automatic updates has become far more widespread in the consumer market, due largely to the fact that Microsoft Windows added support for them, and Service Pack 2 of Windows XP (available in 2004) enabled them by default. Cautious users, particularly system administrators, tend to put off applying patches until they can verify the stability of the fixes. Microsoft (W)SUS supports this. In the cases of large patches or of significant changes, distributors often limit availability of patches to qualified developers as a beta test.
Applying patches to firmware poses special challenges, as it often involves the provisioning of totally new firmware images, rather than applying only the differences from the previous version. The patch usually consists of a firmware image in the form of binary data, together with a supplier-provided special program that replaces the previous version with the new version; a motherboard BIOS update is an example of a common firmware patch. Any unexpected error or interruption during the update, such as a power outage, may render the motherboard unusable. It is possible for motherboard manufacturers to put safeguards in place to prevent serious damage; for example, the update procedure could make and keep a backup of the firmware to use in case it determines that the primary copy is corrupt (usually through the use of a checksum, such as a CRC).
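The backup-and-checksum safeguard described above can be simulated in a few lines. This is an added example, not code from the original article or from any vendor's updater: the image header layout (`FWIM` marker, length, CRC-32), the two-slot model and all names are assumptions chosen for illustration. It shows an update interrupted partway through a write and the boot path falling back to the backup copy.

```python
import struct
import zlib

MAGIC = b"FWIM"                  # hypothetical image marker
HEADER = struct.Struct("<4sII")  # magic, payload length, CRC-32 of payload
ERASED = b"\xff"                 # erased flash typically reads back as 0xFF


def pack_image(payload):
    """Build an image: header carrying length and CRC-32, then the payload."""
    return HEADER.pack(MAGIC, len(payload), zlib.crc32(payload)) + payload


def read_payload(slot):
    """Return the payload if the slot holds an intact image, else None."""
    if len(slot) < HEADER.size:
        return None
    magic, length, crc = HEADER.unpack_from(slot)
    payload = slot[HEADER.size:HEADER.size + length]
    if magic != MAGIC or len(payload) != length or zlib.crc32(payload) != crc:
        return None
    return payload


class DualSlotFlash:
    """Simulated flash with a primary firmware slot and a backup slot."""

    def __init__(self, factory_image):
        self.primary = factory_image
        self.backup = factory_image

    def update(self, new_image, interrupted_at=None):
        """Write new_image to the primary slot.

        interrupted_at simulates a power loss after that many bytes.
        """
        if read_payload(new_image) is None:
            raise ValueError("update file is corrupt; flash left untouched")
        # Keep the last known-good firmware before overwriting anything.
        if read_payload(self.primary) is not None:
            self.backup = self.primary
        written = new_image if interrupted_at is None else new_image[:interrupted_at]
        self.primary = written + ERASED * (len(new_image) - len(written))

    def boot(self):
        """Pick a slot to run; repair the primary from backup if needed."""
        payload = read_payload(self.primary)
        if payload is not None:
            return "primary", payload
        payload = read_payload(self.backup)
        if payload is None:
            raise RuntimeError("no valid firmware in either slot")
        self.primary = self.backup  # restore the corrupt primary copy
        return "backup", payload


if __name__ == "__main__":
    # Constructed sample images standing in for real firmware.
    v1 = pack_image(b"firmware v1")
    v2 = pack_image(b"firmware v2 with fix")
    flash = DualSlotFlash(v1)
    flash.update(v2, interrupted_at=20)  # power fails mid-write
    print(flash.boot())                  # falls back to the v1 backup
```

A CRC only detects accidental corruption such as an interrupted write; it does not show that an image came from the manufacturer.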
Video games
Video games receive patches to fix compatibility problems after their initial release just like any other software, but they can also be applied to change game rules or algorithms. These patches may be prompted by the discovery of exploits in the multiplayer game experience that can be used to gain unfair advantages over other players. Extra features and gameplay tweaks can often be added. These kinds of patches are common in first-person shooters with multiplayer capability and in MMORPGs, which are typically very complex with large amounts of content and almost always rely heavily on patches following the initial release, where patches sometimes add new content and abilities available to players. Because the balance and fairness for all players of an MMORPG can be severely corrupted within a short amount of time by an exploit, servers of an MMORPG are sometimes taken down with short notice in order to apply a critical patch with a fix.
Companies sometimes release games knowing that they have bugs. ''Computer Gaming World'''s Scorpia in 1994 denounced "companies—too numerous to mention—who release shoddy product knowing they can get by with patches and upgrades, and who make ''pay''-testers of their customers".
In software development
Patches sometimes become mandatory to fix problems with libraries or with portions of source code for programs in frequent use or in maintenance. This commonly occurs on very large-scale software projects, but rarely in small-scale development.
In open-source projects, the authors commonly receive patches or many people publish patches that fix particular problems or add certain functionality, like support for local languages outside the project's locale. In an example from the early development of the Linux kernel (noted for publishing its complete source code), Linus Torvalds, the original author, received hundreds of thousands of patches from many programmers to apply against his original version. For patches that are repetitive, there exist tools, such as Coccinelle, to support writing generic patches and applying them at multiple locations at the same time (typically hundreds of locations in the case of the Linux kernel).
The Apache HTTP Server originally evolved as a number of patches that Brian Behlendorf collated to improve NCSA HTTPd, hence a name that implies that it is a collection of patches ("a patchy server"). The FAQ on the project's official site states that the name 'Apache' was chosen from respect for the Native American Indian tribe of Apache. However, the 'a patchy server' explanation was initially given on the project's website.
Variants
Hotfix
A hotfix or Quick Fix Engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product (i.e., a software bug). Typically, hotfixes are made to address a specific customer situation.
Microsoft once used this term but has stopped in favor of new terminology: General Distribution Release (GDR) and Limited Distribution Release (LDR). Blizzard Entertainment, however, defines a hotfix as "a change made to the game deemed critical enough that it cannot be held off until a regular content patch".
Point release
A point release is a minor release of a software project, especially one intended to fix bugs or do small cleanups rather than add significant features. Often, there are too many bugs to be fixed in a single major or minor release, creating a need for a point release.
Program temporary fix
Program temporary fix or Product temporary fix (PTF), depending on date, is the standard IBM terminology for a single bug fix, or group of fixes, distributed in a form ready to install for customers. A PTF was sometimes referred to as a "ZAP".
Customers sometimes explain the acronym in a tongue-in-cheek manner as ''permanent temporary fix'' or more practically ''probably this fixes'', because they have the option to make the PTF a permanent part of the operating system if the patch fixes the problem.
Security patches
A ''security patch'' is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat's capability to exploit a specific vulnerability in an asset. Patch management is a part of vulnerability management, the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to
responsible disclosure
In computer security, coordinated vulnerability disclosure, or "CVD" (formerly known as responsible disclosure) is a vulnerability disclosure model in which a vulnerability or an issue is disclosed to the public only after the responsible partie ...
.
These security patches are critical to ensuring that business processes are not affected. In 2017, companies were struck by ransomware called WannaCry, which encrypts files in certain versions of Microsoft Windows and demands a ransom via Bitcoin. In response, Microsoft released a patch which stops the ransomware from running.
Service pack
A service pack or SP or a feature pack (FP) comprises a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable package. Companies often release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit, or the software release has been shown to be stabilized with a limited number of remaining issues based on users' feedback and bug tracking such as Bugzilla. In large software applications such as office suites, operating systems, database software, or network management, it is not uncommon to have a service pack issued within the first year or two of a product's release. Installing a service pack is easier and less error-prone than installing many individual patches, even more so when updating multiple computers over a network, where service packs are common.
Unofficial patches
An unofficial patch is a patch for a program written by a third party instead of the original developer. Similar to an ordinary patch, it alleviates bugs or shortcomings. Examples are security fixes by security specialists when an official patch by the software producers themselves takes too long.
Other examples are unofficial patches created by the game community of a video game which became unsupported abandonware.
Monkey patches
Monkey patching means extending or modifying a program locally (affecting only the running instance of the program).
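The following added example (not part of the original article) shows a monkey patch used as a stop-gap fix inside one running Python process, and the case where it fails to take effect. The `legacy` module, its `resolve` function and the sample paths are hypothetical, constructed for illustration.

```python
import contextlib
import posixpath
import types

# Constructed stand-in for a third-party module that cannot be redeployed yet.
legacy = types.ModuleType("legacy_uploads")
legacy.resolve = lambda base, name: posixpath.normpath(posixpath.join(base, name))

early_ref = legacy.resolve  # reference captured before any patch is applied


def serve(base, name):
    # Looks the function up on the module at call time, so a patch is honoured.
    return legacy.resolve(base, name)


@contextlib.contextmanager
def monkey_patch(module, attr, wrap):
    """Replace module.attr with wrap(original) inside the block, then restore."""
    original = getattr(module, attr)
    setattr(module, attr, wrap(original))
    try:
        yield
    finally:
        setattr(module, attr, original)


def confined(original):
    """Wrap the original so that results outside the base directory are refused."""
    def patched(base, name):
        path, root = original(base, name), posixpath.normpath(base)
        if path != root and not path.startswith(root + "/"):
            raise ValueError("path escapes base directory")
        return path
    return patched


def demo(base="/srv/uploads", bad="../private/key.pem"):
    result = {"before": serve(base, bad)}
    with monkey_patch(legacy, "resolve", confined):
        result["good"] = serve(base, "a/b.txt")
        try:
            serve(base, bad)
            result["blocked"] = False
        except ValueError:
            result["blocked"] = True
        result["early_ref"] = early_ref(base, bad)  # bypasses the patch
    result["after"] = serve(base, bad)  # original behaviour is back
    return result
```

Nothing on disk changes, so the fix disappears when the block exits or the process restarts, and any caller holding a reference taken before the patch keeps running the unpatched function.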
Hot patching
Hot patching, also known as live patching or dynamic software updating, is the application of patches without shutting down and restarting the system or the program concerned. This addresses problems related to unavailability of service provided by the system or the program.
This method can be used to update the Linux kernel without stopping the system.
A patch that can be applied in this way is called a hot patch or a live patch. This is becoming a common practice in the mobile app space. Companies like Rollout.io use method swizzling to deliver hot patches to the iOS ecosystem. Another method for hot-patching iOS apps is JSPatch.
Cloud providers often use hot patching to avoid downtime for customers when updating underlying infrastructure.
Slipstreaming
In computing, slipstreaming is the act of integrating patches (including service packs) into the installation files of their original app, so that the result allows a direct installation of the updated app.
The nature of slipstreaming means that it involves an initial outlay of time and work, but can save a lot of time (and, by extension, money) in the long term. This is especially significant for administrators that are tasked with managing a large number of computers, where typical practice for installing an operating system on each computer would be to use the original media and then update each computer after the installation was complete. This would take a lot more time than starting with a more up-to-date (slipstreamed) source, and needing to download and install the few updates not included in the slipstreamed source.
However, not all patches can be applied in this fashion and one disadvantage is that if it is discovered that a certain patch is responsible for later problems, said patch cannot be removed without using an original, non-slipstreamed installation source.
Software update systems
Software update systems allow for updates to be managed by users and software developers. In the 2017 Petya cyberpandemic, the financial software "MeDoc"'s update system is said to have been compromised to spread malware via its updates. On the Tor Blog, cybersecurity expert Mike Perry states that deterministic, distributed builds are likely the only way to defend against malware that attacks the software development and build processes to infect millions of machines in a single, officially signed, instantaneous update. Update managers also allow for security updates to be applied quickly and widely. Update managers of Linux such as Synaptic allow users to update all software installed on their machine. Applications like Synaptic use cryptographic checksums to verify source/local files before they are applied to ensure fidelity against malware.
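The following added example (not from the original article, and not how Synaptic or any particular update manager is implemented) contrasts the checksum check described above with the deterministic, distributed build check. The rebuilder names, the quorum value and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_update(package, published_digest, rebuild_digests, quorum):
    """Return (accepted, reason) for a downloaded update package.

    published_digest: checksum from the vendor's release metadata.
    rebuild_digests:  {rebuilder name: digest of its own build of the same source}.
    """
    actual = sha256_hex(package)
    # Step 1: the checksum check, which catches corruption or tampering in transit.
    if not hmac.compare_digest(actual, published_digest.lower()):
        return False, "checksum mismatch"
    # Step 2: with deterministic builds, honest rebuilders get the same bytes,
    # so a binary that nobody else can reproduce is refused.
    agree = [n for n, d in rebuild_digests.items() if hmac.compare_digest(d, actual)]
    if len(agree) < quorum:
        return False, "not reproduced (%d of %d rebuilders agree)" % (
            len(agree), len(rebuild_digests))
    return True, "checksum ok, reproduced by %d rebuilders" % len(agree)


# Constructed sample data: the bytes stand in for build outputs.
CLEAN = b"accounting-app 1.1 built from tagged source"
TAMPERED = CLEAN + b" + code inserted on the vendor build server"
REBUILDERS = {name: sha256_hex(CLEAN)
              for name in ("rebuilder-a", "rebuilder-b", "rebuilder-c")}


def scenarios():
    return {
        "clean": verify_update(CLEAN, sha256_hex(CLEAN), REBUILDERS, 2),
        "corrupted_download": verify_update(CLEAN[:-1], sha256_hex(CLEAN), REBUILDERS, 2),
        # The vendor's own pipeline is compromised, so the published checksum
        # matches the tampered binary and the checksum check alone passes.
        "compromised_build": verify_update(TAMPERED, sha256_hex(TAMPERED), REBUILDERS, 2),
    }
```

The published checksum is only as trustworthy as the channel that delivers it, so the metadata carrying it must itself be authenticated, for example with a signature.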
See also
* Software release life cycle
* Software maintenance
* Backporting
* Dribbleware
* Patch (Unix)
* Porting
* Vulnerability database
* Delta encoding
* SMP/E
* Automatic bug fixing
* White hat (computer security)
External links
* The Jargon File version 4.4.7 entry for patch
* Official Linux kernel patch format: https://web.archive.org/web/20160526200829/http://linux.yyz.us/patch-format.html
* 0-Day Patch - Exposing Vendors (In)security Performance, a metric comparing patch performance of Microsoft and Apple