A patch is data that is intended to be used to modify an existing software resource such as a program or a file, often to fix bugs and security vulnerabilities.[1][2] A patch may be created to improve functionality, usability, or performance. A patch is typically provided by a vendor for updating the software that they provide.
A patch may be created manually, but commonly it is created via a tool that compares two versions of the resource and generates data that can be used to transform one to the other.
Typically, a patch needs to be applied to the specific version of the resource it is intended to modify, although there are exceptions. Some patching tools can detect the version of the existing resource and apply the appropriate patch, even if it supports multiple versions. As more patches are released, their cumulative size can grow significantly, sometimes exceeding the size of the resource itself. To manage this, the number of supported versions may be limited, or a complete copy of the resource might be provided instead.
Patching allows for modifying a compiled (machine language) program when the source code is unavailable. This demands a thorough understanding of the inner workings of the compiled code, which is challenging without access to the source code.
Patching allows for making changes to a program without rebuilding it from source. For small changes, it can be more economical to distribute a patch than to distribute the complete resource.
Although often intended to fix problems, a poorly designed patch can introduce new problems (see software regressions). In some cases updates may knowingly break the functionality or disable a device, for instance, by removing components for which the update provider is no longer licensed.
Patch management is a part of lifecycle management, and is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
Typically, a patch is applied via programmed control to computer storage so that it is permanent. In some cases a patch is applied by a programmer via a tool such as a debugger to computer memory in which case the change is lost when the resource is reloaded from storage.
Types
Binary patches
Patches for proprietary software are typically distributed as executable files instead of source code. When executed these files load a program into memory which manages the installation of the patch code into the target program(s) on disk.
Patches for other software are typically distributed as data files containing the patch code. These are read by a patch utility program which performs the installation. This utility modifies the target program's executable file—the program's machine code—typically by overwriting its bytes with bytes representing the new patch code. If the new code will fit in the space (number of bytes) occupied by the old code, it may be put in place by overwriting directly over the old code. This is called an inline patch. If the new code is bigger than the old code, the patch utility will append load record(s) containing the new code to the object file of the target program being patched. When the patched program is run, execution is directed to the new code with branch instructions (jumps or calls) patched over the place in the old code where the new code is needed. On early 8-bit microcomputers, for example the Radio Shack TRS-80, the operating system includes a PATCH/CMD utility which accepts patch data from a text file and applies the fixes to the target program's executable binary file(s).
The patch code must have place(s) in memory to be executed at runtime. Inline patches are no difficulty, but when additional memory space is needed the programmer must improvise. Naturally if the patch programmer is the one who first created the code to be patched, this is easier. Savvy programmers plan in advance for this need by reserving memory for later expansion, left unused when producing their final iteration. Other programmers not involved with the original implementation, seeking to incorporate changes at a later time, must find or make space for any additional bytes needed. The most fortunate possible circumstance for this is when the routine to be patched is a distinct module. In this case the patch programmer need merely adjust the pointers or length indicators that signal to other system components the space occupied by the module; he is then free to populate this memory space with his expanded patch code. If the routine to be patched does not exist as a distinct memory module, the programmer must find ways to shrink the routine to make enough room for the expanded patch code. Typical tactics include shortening code by finding more efficient sequences of instructions (or by redesigning with more efficient algorithms), compacting message strings and other data areas, externalizing program functions to mass storage (such as disk overlays), or removal of program features deemed less important than the changes to be installed with the patch.
Small in-memory machine code patches can be manually applied with the system debug utility, such as CP/M's DDT or MS-DOS's DEBUG debuggers. Programmers working in interpreted BASIC often used the POKE command to alter the functionality of a system service routine or the interpreter itself.
Source code patches
Patches can also circulate in the form of source code modifications. In this case, the patches usually consist of textual differences between two source code files, called "diffs". These types of patches commonly come out of open-source software projects. In these cases, developers expect users to compile the new or changed files themselves.
Large patches
Because the word "patch" carries the connotation of a small fix, large fixes may use different nomenclature. Bulky patches or patches that significantly change a program may circulate as "service packs" or as "software updates". Microsoft Windows NT and its successors (including Windows 2000, Windows XP, Windows Vista and Windows 7) use the "service pack" terminology.[3] Historically, IBM used the terms "FixPaks" and "Corrective Service Diskette" to refer to these updates.[4]
A program tape for the 1944 Harvard Mark I, one of the first digital computers. Note physical patches used to correct punched holes by covering them.
Historically, software suppliers distributed patches on paper tape or on punched cards, expecting the recipient to cut out the indicated part of the original tape (or deck), and patch in (hence the name) the replacement segment. Later patch distributions used magnetic tape. Then, after the invention of removable disk drives, patches came from the software developer via a disk or, later, CD-ROM via mail. With widely available Internet access, downloading patches from the developer's web site or through automated software updates became often available to the end-users. Starting with Apple's Mac OS 9 and Microsoft's Windows ME, PC operating systems gained the ability to get automatic software updates via the Internet.
Computer programs can often coordinate patches to update a target program. Automation simplifies the end-user's task– they need only to execute an update program, whereupon that program makes sure that updating the target takes place completely and correctly. Service packs for Microsoft Windows NT and its successors and for many commercial software products adopt such automated strategies.
Some programs can update themselves via the Internet with very little or no intervention on the part of users. The maintenance of server software and of operating systems often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.
With the advent of larger storage media and higher Internet bandwidth, it became common to replace entire files (or even all of a program's files) rather than modifying existing files, especially for smaller programs.
Application
The size of patches may vary from a few bytes to hundreds of megabytes; thus, more significant changes imply a larger size, though this also depends on whether the patch includes entire files or only the changed portion(s) of files. In particular, patches can become quite large when the changes add or replace non-program data, such as graphics and sounds files. Such situations commonly occur in the patching of computer games. Compared with the initial installation of software, patches usually do not take long to apply.
In the case of operating systems and computer server software, patches have the particularly important role of fixing security holes. Some critical patches involve issues with drivers.[5] Patches may require prior application of other patches, or may require prior or concurrent updates of several independent software components. To facilitate updates, operating systems often provide automatic or semi-automatic updating facilities. Completely automatic updates have not succeeded in gaining widespread popularity in corporate computing environments, partly because of the aforementioned glitches, but also because administrators fear that software companies may gain unlimited control over their computers.[citation needed]Package management systems can offer various degrees of patch automation.
Usage of completely automatic updates has become far more widespread in the consumer market, due largely[citation needed] to the fact that Microsoft Windows added support for them[when?], and Service Pack 2 of Windows XP (available in 2004) enabled them by default. Cautious users, particularly system administrators, tend to put off applying patches until they can verify the stability of the fixes. Microsoft (W)SUS supports this. In the cases of large patches or of significant changes, distributors often limit availability of patches to qualified developers as a beta test.
Applying patches to firmware poses special challenges, as it often involves the provisioning of totally new firmware images, rather than applying only the differences from the previous version. The patch usually consists of a firmware image in form of binary data, together with a supplier-provided special program that replaces the previous version with the new version; a motherboardBIOS update is an example of a common firmware patch. Any unexpected error or interruption during the update, such as a power outage, may render the motherboard unusable. It is possible for motherboard manufacturers to put safeguards in place to prevent serious damage; for example, the update procedure could make and keep a backup of the firmware to use in case it determines that the primary copy is corrupt (usually through the use of a checksum, such as a CRC).
Video games
Video games receive patches to fix compatibility problems after their initial release just like any other software, but they can also be applied to change game rules or algorithms. These patches may be prompted by the discovery of exploits in the multiplayer game experience that can be used to gain unfair advantages over other players. Extra features and gameplay tweaks can often be added. These kinds of patches are common in first-person shooters with multiplayer capability, and in MMORPGs, which are typically very complex with large amounts of content, almost always rely heavily on patches following the initial release, where patches sometimes add new content and abilities available to players. Because the balance and fairness for all players of an MMORPG can be severely corrupted within a short amount of time by an exploit, servers of an MMORPG are sometimes taken down with short notice in order to apply a critical patch with a fix.
Companies sometimes release games knowing that they have bugs. Computer Gaming World's Scorpia in 1994 denounced "companies—too numerous to mention—who release shoddy product knowing they can get by with patches and upgrades, and who make 'pay-testers of their customers".[6]
In software development
Patches sometimes become mandatory to fix problems with libraries or with portions of source code for programs in frequent use or in maintenance. This commonly occurs on very large-scale software projects, but rarely in small-scale development.
In open-source projects, the authors commonly receive patches or many people publish patches that fix particular problems or add certain functionality, like support for local languages outside the project's locale. In an example from the early development of the Linux kernel (noted for publishing its complete source code), Linus Torvalds, the original author, received hundreds of thousands of patches from many programmers to apply against his original version.
The Apache HTTP Server originally evolved as a number of patches that Brian Behlendorf collated to improve NCSA HTTPd, hence a name that implies that it is a collection of patches ("a patchy server"). The FAQ on the project's official site states that the name 'Apache' was chosen from respect for the Native American Indian tribe of Apache. However, the 'a patchy server' explanation was initially given on the project's website.[7]
A hotfix or Quick Fix Engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product (i.e., a software bug). Typically, hotfixes are made to address a specific customer situation. Microsoft once used this term but has stopped in favor of new terminology: General Distribution Release (GDR) and Limited Distribution Release (LDR). Blizzard Entertainment, however, defines a hotfix as "a change made to the game deemed critical enough that it cannot be held off until a regular content patch".
A point release is a minor release of a software project, especially one intended to fix bugs or do small cleanups rather than add significant features. Often, there are too many bugs to be fixed in a single major or minor release, creating a need for a point release.
Program temporary fix or Product temporary fix (PTF), depending on date, is the standard IBM terminology for a single bug fix, or group of fixes, distributed in a form ready to install for customers. A PTF was sometimes referred to as a “ZAP”.[8] Customers sometime explain the acronym in a tongue-in-cheek manner as permanent temporary fix or more practically probably this fixes, because they have the option to make the PTF a permanent part of the operating system if the patch fixes the problem.
Security patches
A security patch is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat's capability to exploit a specific vulnerability in an asset. Patch management is a part of vulnerability management– the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month ("patch Tuesday"), and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to responsible disclosure.
These security patches are critical to ensure that business process does not get affected. In 2017, companies were struck by a ransomware called WannaCry which encrypts files in certain versions of Microsoft Windows and demands a ransom via BitCoin. In response to this, Microsoft released a patch which stops the ransomware from running.
A service pack or SP or a feature pack (FP) comprises a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable package. Companies often release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit, or the software release has shown to be stabilized with a limited number of remaining issues based on users' feedback and bug tracking such as Bugzilla. In large software applications such as office suites, operating systems, database software, or network management, it is not uncommon to have a service pack issued within the first year or two of a product's release. Installing a service pack is easier and less error-prone than installing many individual patches, even more so when updating multiple computers over a network, where service packs are common.
An unofficial patch is a patch for a program written by a third party instead of the original developer. Similar to an ordinary patch, it alleviates bugs or shortcomings. Examples are security fixes by security specialists when an official patch by the software producers itself takes too long.[9][10] Other examples are unofficial patches created by the game community of a video game which became unsupported.[11][12]
Hot patching, also known as live patching or dynamic software updating, is the application of patches without shutting down and restarting the system or the program concerned. This addresses problems related to unavailability of service provided by the system or the program.[13] Method can be used to update Linux kernel without stopping the system.[14][15] A patch that can be applied in this way is called a hot patch or a live patch. This is becoming a common practice in the mobile app space.[16] Companies like Rollout.io use method swizzling to deliver hot patches to the iOS ecosystem.[17] Another method for hot-patching iOS apps is JSPatch.[18]
Cloud providers often use hot patching to avoid downtime for customers when updating underlying infrastructure.[19]
Slipstreaming
In computing, slipstreaming is the act of integrating patches (including service packs) into the installation files of their original app, so that the result allows a direct installation of the updated app.[20][21]
The nature of slipstreaming means that it involves an initial outlay of time and work, but can save a lot of time (and, by extension, money) in the long term. This is especially significant for administrators that are tasked with managing a large number of computers, where typical practice for installing an operating system on each computer would be to use the original media and then update each computer after the installation was complete. This would take a lot more time than starting with a more up-to-date (slipstreamed) source, and needing to download and install the few updates not included in the slipstreamed source.
However, not all patches can be applied in this fashion and one disadvantage is that if it is discovered that a certain patch is responsible for later problems, said patch cannot be removed without using an original, non-slipstreamed installation source.
Software update systems allow for updates to be managed by users and software developers. In the 2017 Petya cyberpandemic, the financial software "MeDoc"'s update system is said to have been compromised to spread malware via its updates.[22][23] On the Tor Blog, cybersecurity expert Mike Perry states that deterministic, distributed builds are likely the only way to defend against malware that attacks the software development and build processes to infect millions of machines in a single, officially signed, instantaneous update.[24] Update managers also allow for security updates to be applied quickly and widely. Update managers of Linux such as Synaptic allow users to update all software installed on their machine. Applications like Synaptic use cryptographic checksums to verify source/local files before they are applied to ensure fidelity against malware.[25][26]
In the context of an operating system, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.
Free software, libre software, libreware or rarely known as freedom-respecting software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, not price; all users are legally free to do what they want with their copies of a free software regardless of how much is paid to obtain the program. Computer programs are deemed "free" if they give end-users ultimate control over the software and, subsequently, over their devices.
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and business users and Windows Me for home users.
A software bug is a bug in computer software.
Wine is a free and open-source compatibility layer to allow application software and computer games developed for Microsoft Windows to run on Unix-like operating systems. Developers can compile Windows applications against WineLib to help port them to Unix-like systems. Wine is predominantly written using black-box testing reverse-engineering, to avoid copyright issues. No code emulation or virtualization occurs. Wine is primarily developed for Linux and macOS.
Windows Server 2003, codenamed "Whistler Server", is the sixth version of the Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2003. Windows Server 2003 is the successor to the Server editions of Windows 2000 and the predecessor to Windows Server 2008. An updated version, Windows Server 2003 R2, was released to manufacturing on December 6, 2005. Windows Server 2003 is based on Windows XP.
The software release life cycle is the process of developing, testing, and distributing a software product. It typically consists of several stages, such as pre-alpha, alpha, beta, and release candidate, before the final version, or "gold", is released to the public.
Source lines of code (SLOC), also known as lines of code (LOC), is a software metric used to measure the size of a computer program by counting the number of lines in the text of the program's source code. SLOC is typically used to predict the amount of effort that will be required to develop a program, as well as to estimate programming productivity or maintainability once the software is produced.
Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.
In computing, a service pack comprises a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable package. Companies often release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit, or the software release has shown to be stabilized with a limited number of remaining issues based on users' feedback and bug reports. In large software applications such as office suites, operating systems, database software, or network management, it is not uncommon to have a service pack issued within the first year or two of a product's release. Installing a service pack is easier and less error-prone than installing many individual patches, even more so when updating multiple computers over a network, where service packs are common.
Game programming, a subset of game development, is the software development of video games. Game programming requires substantial skill in software engineering and computer programming in a given language, as well as specialization in one or more of the following areas: simulation, computer graphics, artificial intelligence, physics, audio programming, and input. For multiplayer games, knowledge of network programming is required. In some genres, e.g. fighting games, advanced network programming is often demanded, as the netcode and its properties are considered by players and critics to be some of the most important metrics of the game's quality. For massively multiplayer online games (MMOGs), even further knowledge of database programming and advanced networking programming are required. Though often engaged in by professional game programmers, there is a thriving scene of independent developers who lack a relationship with a publishing company.
Software versioning is the process of assigning either unique version names or unique version numbers to unique states of computer software. Within a given version number category, these numbers are generally assigned in increasing order and correspond to new developments in the software. At a fine-grained level, revision control is used for keeping track of incrementally-different versions of information, whether or not this information is computer software, in order to be able to roll any changes back.
A hotfix is a software update that is released outside the normal update cycle or intended to be applied to a live system; often to fix a bug.
Microsoft Data Access Components is a framework of interrelated Microsoft technologies that allows programmers a uniform and comprehensive way of developing applications that can access almost any data store. Its components include: ActiveX Data Objects (ADO), OLE DB, and Open Database Connectivity (ODBC). There have been several deprecated components as well, such as the Jet Database Engine, MSDASQL, and Remote Data Services (RDS). Some components have also become obsolete, such as the former Data Access Objects API and Remote Data Objects.
AutoPatcher is an offline updater and alternative to Microsoft Update that can be used for installing software patches, service packs and other updates for certain Microsoft Windows systems. It allows these to be downloaded on a different machine or in advance, and then installed without an internet connection. By doing this, system updates can be automated and scripted, time and bandwidth required to download relevant updates is reduced, and exposure of unsecured systems online can be avoided. AutoPatcher also allows installation of some common additional software, registry settings, and patches for other Microsoft software, notably Microsoft Office.
The Windows Metafile vulnerability—also called the Metafile Image Code Execution and abbreviated MICE—is a security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format. It permits arbitrary code to be executed on affected computers without the permission of their users. It was discovered on December 27, 2005, and the first reports of affected computers were announced within 24 hours. Microsoft released a high-priority update to eliminate this vulnerability via Windows Update on January 5, 2006. Attacks using this vulnerability are known as WMF exploits.
Criticism of Windows XP deals with issues with security, performance and the presence of product activation errors that are specific to the Microsoft operating system Windows XP.
Software remastering is software development that recreates system software and applications while incorporating customizations, with the intent that it is copied and run elsewhere for "off-label" usage. The term comes from remastering in media production, where it is similarly distinguished from mere copying.
Proprietary software is software that grants its creator, publisher, or other rightsholder or rightsholder partner a legal monopoly by modern copyright and intellectual property law to exclude the recipient from freely sharing the software or modifying it, and—in some cases, as is the case with some patent-encumbered and EULA-bound software—from making use of the software on their own, thereby restricting their freedoms.
An unofficial patch is a patch for a piece of software, created by a third party such as a user community without the involvement of the original developer. Similar to an ordinary patch, it alleviates bugs or shortcomings. Unofficial patches do not usually change the intended usage of the software, in contrast to other third-party software adaptions such as mods or cracks.
↑ Wen, Howard (2004-06-10). "Keeping the Myths Alive". linuxdevcenter.com. Archived from the original on 2013-04-06. Retrieved 2012-12-22. [...]fans of the Myth trilogy have taken this idea a step further: they have official access to the source code for the Myth games. Organized under the name MythDevelopers, this all-volunteer group of programmers, artists, and other talented people devote their time to improving and supporting further development of the Myth game series.
↑ Bell, John (2009-10-01). "Opening the Source of Art". Technology Innovation Management Review. Archived from the original on 2014-03-30. Retrieved 2012-12-30. [...]that no further patches to the title would be forthcoming. The community was predictably upset. Instead of giving up on the game, users decided that if Activision wasn't going to fix the bugs, they would. They wanted to save the game by getting Activision to open the source so it could be kept alive beyond the point where Activision lost interest. With some help from members of the development team that were active on fan forums, they were eventually able to convince Activision to release Call to Power II's source code in October of 2003.
This page is based on this Wikipedia article Text is available under the CC BY-SA 4.0 license; additional terms may apply. Images, videos and audio are available under their respective licenses.
