Patch (computing)
Encyclopedia
A patch is a piece of software designed to fix problems with, or update a computer program
or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability
or performance
. Though meant to fix problems, poorly designed patches can sometimes introduce new problems (see software regression
s).
Patch management is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
authors withhold their source code
, their patches are distributed as binary executables instead of source. This type of patch modifies the program executable—the program the user actually runs—either by modifying the binary file to include the fixes or by completely replacing it.
Patches can also circulate in the form of source code modifications. In these cases, the patches consist of textual differences between two source code files. These types of patches commonly come out of open source
projects. In these cases, developers expect users to compile the new or changed files themselves.
Because the word "patch" carries the connotation of a small fix, large fixes may use different nomenclature. Bulky patches or patches that significantly change a program may circulate as "service pack
s" or as "software updates". Microsoft Windows NT and its successors (including Windows 2000
, Windows XP
, and later versions) use the "service pack" terminology.
In several Unix-like
systems, particularly Linux
, updates between releases are delivered as new software packages
. These updates are in the same format as the original installation so they can be used either to update an existing package in-place (effectively patching) or be used directly for new installations.
or, later, CD-ROM
via mail
. Today, with almost universal Internet
access, end-users must download most patches from the developer's web site.
Today, computer programs can often coordinate patches to update a target program. Automation simplifies the end-users' task — they need only to execute an update program, whereupon that program makes sure that updating the target takes place completely and correctly. Service packs for Microsoft Windows NT and its successors and for many commercial software products adopt such automated strategies.
Some programs can update themselves via the Internet
with very little or no intervention on the part of users. The maintenance of server
software and of operating system
s often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.
s to hundreds of megabyte
s — mostly more significant changes imply a larger size, though this also depends on whether the patch includes entire files or only the changed portion(s) of files. In particular, patches can become quite large when the changes add or replace non-program data, such as graphics and sounds files. Such situations commonly occur in the patching of computer games. Compared with the initial installation of software, patches usually do not take long to apply.
In the case of operating systems and computer server software, patches have the particularly important role of fixing security holes. To facilitate updates, operating systems often provide automatic or semi-automatic update facilities.
Completely automatic updates have not succeeded in gaining widespread popularity in corporate computing environments, partly because of the aforementioned glitches, but also because administrators fear that software companies may gain unlimited control over their computers. Package management system
s can offer various degrees of patch automation.
Usage of completely automatic updates is far more widespread in the consumer market, due largely to the fact that Microsoft Windows
added support for them, and Service Pack 2 of Windows XP enabled them by default.
Cautious users, particularly system administrators, tend to put off applying patches until they can verify the stability of the fixes. Microsoft (W)SUS support this. In the cases of large patches or of significant changes, distributors often limit availability of patches to qualified developers as a beta test.
Applying patches to firmware
poses special challenges: re-embedding typically small code sets on hardware devices often involves the provision of totally new program code, rather than simply of differences from the previous version. Often the patch consists of bare binary data and a special program that replaces the previous version with the new version is provided. A motherboard
BIOS
update is an example of a common firmware patch. Any unexpected error or interruption during the update, such as a power outage, may render the motherboard unusable. It is possible for motherboard manufacturers to put safeguards in place to prevent serious damage. An example safeguard is to keep a backup of the firmware to use in case the primary copy is determined to be corrupt (usually through the use of a checksum
, such as a CRC
).
s. These patches may be prompted by the discovery of exploits
in the multiplayer game experience that can be used to gain unfair advantages over other players. Extra features and game play tweaks can often be added. These kinds of patches are common in first-person shooters with multiplayer capability, and in MMORPG
s. MMORPGs, which are typically very complex with large amounts of content, almost always rely heavily on patches following the initial release, where patches sometimes add new content and abilities available to players. Because the balance and fairness for all players of an MMORPG can be severely corrupted within a short amount of time by an exploit, servers of an MMORPG are sometimes taken down with short notice in order to apply a critical patch with a fix.
, StableUpdate
or Visual Patch. WinZip Self-Extractor
can launch a program that can apply a patch
or with portions of source code
for programs in frequent use or in maintenance. This commonly occurs on very large-scale software projects, but rarely in small-scale development.
In open source
projects, the authors commonly receive patches or many people publish patches that fix particular problems or add certain functionality, like support for local languages outside the project's locale. In an example from the early development of the Linux
operating system (noted for publishing its complete source code), Linus Torvalds
, the original author, received hundreds of thousands of patches from many programmer
s to apply against his original version.
The Apache HTTP Server
originally evolved as a number of patches that Brian Behlendorf
collated to improve NCSA HTTPd
, hence a name that implies that it is a collection of patches ("a patchy server"). The FAQ on the project's official site states that the name 'Apache' was chosen from respect for the Native American Indian tribe of Apache
. However, the 'a patchy server' explanation was initially given on the project's website.
Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to responsible disclosure
.
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability
Usability
Usability is the ease of use and learnability of a human-made object. The object of use can be a software application, website, book, tool, machine, process, or anything a human interacts with. A usability study may be conducted as a primary job function by a usability analyst or as a secondary job...
or performance
Performance
A performance, in performing arts, generally comprises an event in which a performer or group of performers behave in a particular way for another group of people, the audience. Choral music and ballet are examples. Usually the performers participate in rehearsals beforehand. Afterwards audience...
. Though meant to fix problems, poorly designed patches can sometimes introduce new problems (see software regression
Software regression
A software regression is a software bug which makes a feature stop functioning as intended after a certain event...
s).
Patch management is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
Types
Programmers publish and apply patches in various forms. Because proprietary softwareProprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...
authors withhold their source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
, their patches are distributed as binary executables instead of source. This type of patch modifies the program executable—the program the user actually runs—either by modifying the binary file to include the fixes or by completely replacing it.
Patches can also circulate in the form of source code modifications. In these cases, the patches consist of textual differences between two source code files. These types of patches commonly come out of open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
projects. In these cases, developers expect users to compile the new or changed files themselves.
Because the word "patch" carries the connotation of a small fix, large fixes may use different nomenclature. Bulky patches or patches that significantly change a program may circulate as "service pack
Service pack
A service pack is a collection of updates, fixes or enhancements to a software program delivered in the form of a single installable package. Many companies, such as Microsoft or Autodesk, typically release a service pack when the number of individual patches to a given program reaches a certain ...
s" or as "software updates". Microsoft Windows NT and its successors (including Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
, Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
, and later versions) use the "service pack" terminology.
In several Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
systems, particularly Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, updates between releases are delivered as new software packages
Software package (installation)
In package management systems, which are commonly used with Linux-based operating systems, a package is a specific piece of software which the system can install and uninstall....
. These updates are in the same format as the original installation so they can be used either to update an existing package in-place (effectively patching) or be used directly for new installations.
History
Historically, software suppliers distributed patches on paper tape or on punched cards, expecting the recipient to cut out the indicated part of the original tape (or deck), and patch in (hence the name) the replacement segment. Later patch distributions used magnetic tape. Then, after the invention of removable disk drives, patches came from the software developer via a diskFloppy disk
A floppy disk is a disk storage medium composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic carrier lined with fabric that removes dust particles...
or, later, CD-ROM
CD-ROM
A CD-ROM is a pre-pressed compact disc that contains data accessible to, but not writable by, a computer for data storage and music playback. The 1985 “Yellow Book” standard developed by Sony and Philips adapted the format to hold any form of binary data....
via mail
Mail
Mail, or post, is a system for transporting letters and other tangible objects: written documents, typically enclosed in envelopes, and also small packages are delivered to destinations around the world. Anything sent through the postal system is called mail or post.In principle, a postal service...
. Today, with almost universal Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
access, end-users must download most patches from the developer's web site.
Today, computer programs can often coordinate patches to update a target program. Automation simplifies the end-users' task — they need only to execute an update program, whereupon that program makes sure that updating the target takes place completely and correctly. Service packs for Microsoft Windows NT and its successors and for many commercial software products adopt such automated strategies.
Some programs can update themselves via the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
with very little or no intervention on the part of users. The maintenance of server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
software and of operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.
Application
The size of patches may vary from a few kilobyteKilobyte
The kilobyte is a multiple of the unit byte for digital information. Although the prefix kilo- means 1000, the term kilobyte and symbol KB have historically been used to refer to either 1024 bytes or 1000 bytes, dependent upon context, in the fields of computer science and information...
s to hundreds of megabyte
Megabyte
The megabyte is a multiple of the unit byte for digital information storage or transmission with two different values depending on context: bytes generally for computer memory; and one million bytes generally for computer storage. The IEEE Standards Board has decided that "Mega will mean 1 000...
s — mostly more significant changes imply a larger size, though this also depends on whether the patch includes entire files or only the changed portion(s) of files. In particular, patches can become quite large when the changes add or replace non-program data, such as graphics and sounds files. Such situations commonly occur in the patching of computer games. Compared with the initial installation of software, patches usually do not take long to apply.
In the case of operating systems and computer server software, patches have the particularly important role of fixing security holes. To facilitate updates, operating systems often provide automatic or semi-automatic update facilities.
Completely automatic updates have not succeeded in gaining widespread popularity in corporate computing environments, partly because of the aforementioned glitches, but also because administrators fear that software companies may gain unlimited control over their computers. Package management system
Package management system
In software, a package management system, also called package manager, is a collection of software tools to automate the process of installing, upgrading, configuring, and removing software packages for a computer's operating system in a consistent manner...
s can offer various degrees of patch automation.
Usage of completely automatic updates is far more widespread in the consumer market, due largely to the fact that Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
added support for them, and Service Pack 2 of Windows XP enabled them by default.
Cautious users, particularly system administrators, tend to put off applying patches until they can verify the stability of the fixes. Microsoft (W)SUS support this. In the cases of large patches or of significant changes, distributors often limit availability of patches to qualified developers as a beta test.
Applying patches to firmware
Firmware
In electronic systems and computing, firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices...
poses special challenges: re-embedding typically small code sets on hardware devices often involves the provision of totally new program code, rather than simply of differences from the previous version. Often the patch consists of bare binary data and a special program that replaces the previous version with the new version is provided. A motherboard
Motherboard
In personal computers, a motherboard is the central printed circuit board in many modern computers and holds many of the crucial components of the system, providing connectors for other peripherals. The motherboard is sometimes alternatively known as the mainboard, system board, or, on Apple...
BIOS
BIOS
In IBM PC compatible computers, the basic input/output system , also known as the System BIOS or ROM BIOS , is a de facto standard defining a firmware interface....
update is an example of a common firmware patch. Any unexpected error or interruption during the update, such as a power outage, may render the motherboard unusable. It is possible for motherboard manufacturers to put safeguards in place to prevent serious damage. An example safeguard is to keep a backup of the firmware to use in case the primary copy is determined to be corrupt (usually through the use of a checksum
Checksum
A checksum or hash sum is a fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage. The integrity of the data can be checked at any later time by recomputing the checksum and...
, such as a CRC
Cyclic redundancy check
A cyclic redundancy check is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data...
).
Computer games
Computer games receive patches to fix compatibility problems after their initial release just like any other software, but they can also be applied to change game rules or algorithmAlgorithm
In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
s. These patches may be prompted by the discovery of exploits
Exploit (online gaming)
An exploit, in video games, is the use of a bug or design flaw by a player to their advantage in a manner not intended by the game's designers. It is often colloquially abbreviated sploit. Exploits have been classified as a form of cheating; however, the precise determination of what is or is not...
in the multiplayer game experience that can be used to gain unfair advantages over other players. Extra features and game play tweaks can often be added. These kinds of patches are common in first-person shooters with multiplayer capability, and in MMORPG
MMORPG
Massively multiplayer online role-playing game is a genre of role-playing video games in which a very large number of players interact with one another within a virtual game world....
s. MMORPGs, which are typically very complex with large amounts of content, almost always rely heavily on patches following the initial release, where patches sometimes add new content and abilities available to players. Because the balance and fairness for all players of an MMORPG can be severely corrupted within a short amount of time by an exploit, servers of an MMORPG are sometimes taken down with short notice in order to apply a critical patch with a fix.
Tools
There are several tools to aid in the patch application process, such as RTPatch, JUpdaterJUpdater
JUpdater is a project which aims to create a utility that allows developers to quickly implement version checks into Java programs. The utility ensures that the user can always be notified of new versions, and easily upgrade to the latest version from within the program, without having to do anything...
, StableUpdate
StableUpdate
StableUpdate is a cross platform library for automatic update of the installed applications on the client side. It supports the automated creation, detection, downloading, installation and removing of the service packs .- Features :...
or Visual Patch. WinZip Self-Extractor
WinZip
WinZip is a proprietary file archiver and compressor for Microsoft Windows and Mac OS X, developed by WinZip Computing...
can launch a program that can apply a patch
In software development
Patches sometimes become mandatory to fix problems with librariesLibrary (computer science)
In computer science, a library is a collection of resources used to develop software. These may include pre-written code and subroutines, classes, values or type specifications....
or with portions of source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
for programs in frequent use or in maintenance. This commonly occurs on very large-scale software projects, but rarely in small-scale development.
In open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
projects, the authors commonly receive patches or many people publish patches that fix particular problems or add certain functionality, like support for local languages outside the project's locale. In an example from the early development of the Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
operating system (noted for publishing its complete source code), Linus Torvalds
Linus Torvalds
Linus Benedict Torvalds is a Finnish software engineer and hacker, best known for having initiated the development of the open source Linux kernel. He later became the chief architect of the Linux kernel, and now acts as the project's coordinator...
, the original author, received hundreds of thousands of patches from many programmer
Programmer
A programmer, computer programmer or coder is someone who writes computer software. The term computer programmer can refer to a specialist in one area of computer programming or to a generalist who writes code for many kinds of software. One who practices or professes a formal approach to...
s to apply against his original version.
The Apache HTTP Server
Apache HTTP Server
The Apache HTTP Server, commonly referred to as Apache , is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone...
originally evolved as a number of patches that Brian Behlendorf
Brian Behlendorf
Brian Behlendorf is a technologist, computer programmer, and an important figure in the open-source software movement. He was a primary developer of the Apache Web server, the most popular web server software on the Internet, and a founding member of the Apache Group, which later became the Apache...
collated to improve NCSA HTTPd
NCSA HTTPd
NCSA HTTPd was a web server originally developed at the NCSA by Robert McCool and others. It was among the earliest web servers developed, following Tim Berners-Lee's CERN httpd, Tony Sanders' Plexus server, and some others. It was for some time the natural counterpart to the Mosaic web browser in...
, hence a name that implies that it is a collection of patches ("a patchy server"). The FAQ on the project's official site states that the name 'Apache' was chosen from respect for the Native American Indian tribe of Apache
Apache
Apache is the collective term for several culturally related groups of Native Americans in the United States originally from the Southwest United States. These indigenous peoples of North America speak a Southern Athabaskan language, which is related linguistically to the languages of Athabaskan...
. However, the 'a patchy server' explanation was initially given on the project's website.
Security patches
A security patch is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat’s capability to exploit a specific vulnerability in an asset.Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to responsible disclosure
Responsible disclosure
Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software...
.
Hot patching
Hot patching is the application of patches without shutting down and restarting the system or the program concerned. This addresses problems related to unavailability of service provided by the system or the program. A patch that can be applied in this way is called a hot patch.See also
- Patch (Unix)Patch (Unix)patch is a Unix program that updates text files according to instructions contained in a separate file, called a patch file. The patch file is a text file that consists of a list of differences and is produced by running the related diff program with the original and updated file as arguments...
- QuiltQuilt (software)Quilt is a software utility for managing a series of changes to the source code of any computer program. Such changes are often referred to as "patches" or "patch sets", and essentially Quilt takes N patches and turns them into a single patch...
(source code patch management utility) - PortingPortingIn computer science, porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed...
- HotfixHotfixA hotfix was originally the term applied to software patches that were applied to live i.e. still running systems. Similar use of the terms can be seen in hot swappable disk drives...
- Patchset