Patch (computing)
A patch is a set of changes to a
Patches may be installed either under programmed control or by a human programmer using an editing tool or a debugger. They may be applied to program files on a storage device, or in computer memory. Patches may be permanent (until patched again) or temporary. Similarly, patches may be prepared by hand, or created by an automatic difference-finding tool that compares two similar files and determines what changes are needed to transform one into another.
Most patches must be applied to exactly the version of the file they are intended to modify, although if the change is small and similar in a number of versions, this requirement may not apply. Many automated patching tools can support patches for multiple versions of files by detecting the version of the existing file and applying an appropriate patch. As more and more versions are released, the cumulative size of such patches may become larger than the updated file, at which point the number of supported previous versions may be reduced, or a complete copy of the updated file may be provided instead.
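The version detection described above can be sketched as follows. This is an added example, not code from the article or from any real patching tool; the patch layout and the names `make_patch` and `apply_update` are hypothetical. It identifies the installed version by digest, refuses unknown versions, and verifies the result before accepting it.

```python
import hashlib

class PatchError(Exception):
    pass

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_patch(old: bytes, new: bytes) -> dict:
    """Difference-finding step: record runs of changed bytes as hunks."""
    if len(old) != len(new):
        raise PatchError("this sketch only handles same-length (in-place) patches")
    hunks, i = [], 0
    while i < len(old):
        if old[i] == new[i]:
            i += 1
            continue
        j = i
        while j < len(old) and old[j] != new[j]:
            j += 1
        hunks.append((i, old[i:j], new[i:j]))  # offset, expected bytes, replacement
        i = j
    return {"from": sha256(old), "to": sha256(new), "hunks": hunks}

def apply_update(target: bytes, patches: list) -> bytes:
    """Select the patch built for the installed version, apply it, verify the result."""
    installed = sha256(target)
    patch = next((p for p in patches if p["from"] == installed), None)
    if patch is None:
        # Modified or unsupported file: a complete copy is needed instead.
        raise PatchError("unknown version; refusing to patch")
    out = bytearray(target)
    for offset, expected, replacement in patch["hunks"]:
        # Redundant once the digest matched, but catches inconsistent patch data.
        if out[offset:offset + len(expected)] != expected:
            raise PatchError(f"context mismatch at offset {offset}")
        out[offset:offset + len(replacement)] = replacement
    if sha256(bytes(out)) != patch["to"]:
        raise PatchError("result digest mismatch; discarding output")
    return bytes(out)

# Constructed sample data: three releases of a tiny "program file".
V1 = b"PROG v1.0 limit=08 check=off"
V2 = b"PROG v1.1 limit=16 check=off"
V3 = b"PROG v1.2 limit=16 check=on "
PATCHES = [make_patch(V1, V3), make_patch(V2, V3)]  # one patch per supported old version

if __name__ == "__main__":
    print(apply_update(V1, PATCHES))
    print(apply_update(V2, PATCHES))
```

Each additional supported version adds another entry to `PATCHES`, which is the cumulative-size growth the paragraph mentions.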
Patching makes possible the modification of compiled and machine language object programs when the source code is unavailable. This demands a thorough understanding of the inner workings of the object code by the person creating the patch, which is difficult without close study of the source code. Someone unfamiliar with the program being patched may install a patch using a patch utility created by another person. Even when the source code is available, patching makes possible the installation of small changes to the object program without the need to recompile or reassemble. For minor changes to software, it is often easier and more economical to distribute patches to users rather than redistributing a newly recompiled or reassembled program.
Although meant to fix problems, poorly designed patches can sometimes introduce new problems (see software regressions). In some special cases updates may knowingly break the functionality or disable a device, for instance, by removing components for which the update provider is no longer licensed.
Patch management is a part of lifecycle management, and is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
Types
Binary patches
Patches for
Patches for other software are typically distributed as data files containing the patch code. These are read by a patch
The patch code must have place(s) in memory to be executed at runtime. Inline patches are no difficulty, but when additional memory space is needed the programmer must improvise. Naturally if the patch programmer is the one who first created the code to be patched, this is easier. Savvy programmers plan in advance for this need by reserving memory for later expansion, left unused when producing their final iteration. Other programmers not involved with the original implementation, seeking to incorporate changes at a later time, must find or make space for any additional bytes needed. The most fortunate possible circumstance for this is when the routine to be patched is a distinct module. In this case the patch programmer need merely adjust the pointers or length indicators that signal to other system components the space occupied by the module; he is then free to populate this memory space with his expanded patch code. If the routine to be patched does not exist as a distinct memory module, the programmer must find ways to shrink the routine to make enough room for the expanded patch code. Typical tactics include shortening code by finding more efficient sequences of instructions (or by redesigning with more efficient algorithms), compacting message strings and other data areas, externalizing program functions to mass storage (such as disk overlays), or removal of program features deemed less important than the changes to be installed with the patch.
Small in-memory machine code patches can be manually applied with the system debug utility, such as CP/M's DDT or MS-DOS's DEBUG debuggers. Programmers working in interpreted BASIC often used the POKE command to alter the functionality of a system service routine or the interpreter itself.
Source code patches
Patches can also circulate in the form of source code modifications. In this case, the patches usually consist of textual differences between two source code files, called "
Large patches
Because the word "patch" carries the connotation of a small fix, large fixes may use different nomenclature. Bulky patches or patches that significantly change a program may circulate as "
History
Historically, software suppliers distributed patches on
Computer programs can often coordinate patches to update a target program. Automation simplifies the end-user's task – they need only to execute an update program, whereupon that program makes sure that updating the target takes place completely and correctly. Service packs for
Some programs can update themselves via the Internet with very little or no intervention on the part of users. The maintenance of server software and of operating systems often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.
With the advent of larger storage media and higher Internet bandwidth, it became common to replace entire files (or even all of a program's files) rather than modifying existing files, especially for smaller programs.
Application
The size of patches may vary from a few
In the case of
Usage of completely automatic updates has become far more widespread in the consumer market, due largely[
Applying patches to firmware poses special challenges, as it often involves the provisioning of totally new firmware images, rather than applying only the differences from the previous version. The patch usually consists of a firmware image in the form of binary data, together with a supplier-provided special program that replaces the previous version with the new version; a motherboard BIOS update is an example of a common firmware patch. Any unexpected error or interruption during the update, such as a power outage, may render the motherboard unusable. It is possible for motherboard manufacturers to put safeguards in place to prevent serious damage; for example, the update procedure could make and keep a backup of the firmware to use in case it determines that the primary copy is corrupt (usually through the use of a checksum, such as a CRC).
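The backup-and-checksum safeguard can be modelled in a few lines. This is an added sketch, not vendor code or code from the article; the image header layout, the `Flash` class and the `fail_after` parameter (which simulates a power cut after a number of bytes) are assumptions made for illustration.

```python
import struct
import zlib
from typing import Optional

HEADER = struct.Struct("<II")  # assumed layout: payload length, CRC-32 of payload

def pack_image(payload: bytes) -> bytes:
    return HEADER.pack(len(payload), zlib.crc32(payload)) + payload

def image_is_valid(slot: bytes) -> bool:
    """True when the header is present and the payload matches its CRC-32."""
    if len(slot) < HEADER.size:
        return False
    length, crc = HEADER.unpack_from(slot)
    payload = slot[HEADER.size:HEADER.size + length]
    return len(payload) == length and zlib.crc32(payload) == crc

class Flash:
    """Two slots: 'primary' is booted, 'backup' holds the last known-good image."""

    def __init__(self, image: bytes):
        self.primary = image
        self.backup = image

    def update(self, new_image: bytes, fail_after: Optional[int] = None) -> None:
        if not image_is_valid(new_image):
            raise ValueError("refusing to flash a corrupt image")
        if image_is_valid(self.primary):
            self.backup = self.primary  # save the known-good copy before erasing
        # Simulated write: bytes not yet written read back as erased flash (0xFF).
        done = new_image if fail_after is None else new_image[:fail_after]
        self.primary = done + b"\xff" * (len(new_image) - len(done))

    def boot(self) -> bytes:
        if image_is_valid(self.primary):
            return self.primary[HEADER.size:]
        if image_is_valid(self.backup):
            self.primary = self.backup  # recover from the interrupted update
            return self.primary[HEADER.size:]
        raise RuntimeError("no valid firmware image")

# Constructed sample payloads.
OLD = b"firmware 1.0 | boot code | settings table"
NEW = b"firmware 1.1 | boot code | settings table | fix"

if __name__ == "__main__":
    board = Flash(pack_image(OLD))
    board.update(pack_image(NEW), fail_after=12)  # power lost mid-write
    print(board.boot())                            # falls back to the 1.0 payload
```

A CRC only detects accidental corruption; anyone who can alter the image can recompute it, so it does not show that the image came from the supplier.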
Video games
Companies sometimes release games knowing that they have bugs. Computer Gaming World's Scorpia in 1994 denounced "companies—too numerous to mention—who release shoddy product knowing they can get by with patches and upgrades, and who make 'pay-testers' of their customers".[6]
In software development
Patches sometimes become mandatory to fix problems with
In open-source projects, the authors commonly receive patches or many people publish patches that fix particular problems or add certain functionality, like support for local languages outside the project's locale. In an example from the early development of the Linux kernel (noted for publishing its complete source code), Linus Torvalds, the original author, received hundreds of thousands of patches from many programmers to apply against his original version.
The Apache HTTP Server originally evolved as a number of patches that Brian Behlendorf collated to improve NCSA HTTPd, hence a name that implies that it is a collection of patches ("a patchy server"). The FAQ on the project's official site states that the name 'Apache' was chosen from respect for the Native American Indian tribe of Apache. However, the 'a patchy server' explanation was initially given on the project's website.[7]
Variants
Hotfix
A hotfix or Quick Fix Engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product (i.e., a software bug). Typically, hotfixes are made to address a specific customer situation. Microsoft once used this term but has stopped in favor of new terminology: General Distribution Release (GDR) and Limited Distribution Release (LDR). Blizzard Entertainment, however, defines a hotfix as "a change made to the game deemed critical enough that it cannot be held off until a regular content patch".
Point release
A point release is a
Program temporary fix
Program temporary fix or Product temporary fix (PTF), depending on date, is the standard IBM terminology for a single bug fix, or group of fixes, distributed in a form ready to install for customers. A PTF was sometimes referred to as a “ZAP”.[8] Customers sometimes explain the acronym in a tongue-in-cheek manner as permanent temporary fix or, more practically, probably this fixes, because they have the option to make the PTF a permanent part of the operating system if the patch fixes the problem.
Security patches
A security patch is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat's capability to exploit a specific vulnerability in an asset. Patch management is a part of vulnerability management – the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to
These security patches are critical to ensuring that business processes are not affected. In 2017, companies were struck by ransomware called WannaCry, which encrypts files in certain versions of Microsoft Windows and demands a ransom via Bitcoin. In response to this, Microsoft released a patch which stops the ransomware from running.
Service pack
A service pack (SP) or feature pack (FP) comprises a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable package. Companies often release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit, or when the software release has been shown to be stabilized with a limited number of remaining issues based on users' feedback and bug tracking such as Bugzilla. In large software applications such as office suites, operating systems, database software, or network management, it is not uncommon to have a service pack issued within the first year or two of a product's release. Installing a service pack is easier and less error-prone than installing many individual patches, even more so when updating multiple computers over a network, where service packs are common.
Unofficial patches
An unofficial patch is a patch for a program written by a third party instead of the original
Monkey patches
Monkey patching means extending or modifying a program locally (affecting only the running instance of the program).
Hot patching
Hot patching, also known as live patching or dynamic software updating, is the application of patches without shutting down and restarting the system or the program concerned. This addresses problems related to unavailability of service provided by the system or the program.[13] The method can be used to update the Linux kernel without stopping the system.[14][15] A patch that can be applied in this way is called a hot patch or a live patch. This is becoming a common practice in the mobile app space.
Cloud providers often use hot patching to avoid downtime for customers when updating underlying infrastructure.[19]
Slipstreaming
In computing, slipstreaming is the act of integrating patches (including service packs) into the installation files of their original app, so that the result allows a direct installation of the updated app.[20][21]
The nature of slipstreaming means that it involves an initial outlay of time and work, but can save a lot of time (and, by extension, money) in the long term. This is especially significant for administrators that are tasked with managing a large number of computers, where typical practice for installing an operating system on each computer would be to use the original media and then update each computer after the installation was complete. This would take a lot more time than starting with a more up-to-date (slipstreamed) source, and needing to download and install the few updates not included in the slipstreamed source.
However, not all patches can be applied in this fashion and one disadvantage is that if it is discovered that a certain patch is responsible for later problems, said patch cannot be removed without using an original, non-slipstreamed installation source.
Software update systems
Software update systems allow for updates to be managed by users and software developers. In the
See also
- Software release life cycle
- Software maintenance
- Backporting
- Dribbleware
- Patch (Unix)
- Porting
- Vulnerability database
- Delta encoding
- SMP/E
- Automatic bug fixing
- Shavlik Technologies
- White hat (computer security)
References
- ^ a b "Microsoft issues biggest software patch on record". Reuters. 2009-10-14. Archived from the original on 16 October 2009. Retrieved 14 October 2009.
- ^ "What is a Bug Fix? – Definition from Techopedia". techopedia.com. Archived from the original on 2018-07-03. Retrieved 2015-07-29.
- ^ "Service Pack and Update Center". windows.microsoft.com. Archived from the original on 2015-06-01. Retrieved 2015-06-01.
- ^ "Glossary of terms". www.tavi.co.uk. Archived from the original on 2016-12-01. Retrieved 2016-11-23.
- ISBN 9781477205402. Retrieved 2015-01-08.
Uninstall High Definition Audio driver patch KB835221 & KB888111 [...]
- ^ Scorpia (April 1994). "So You Want To Be A Hero?". Scorpion's View. Computer Gaming World. pp. 54–58.
- ^ "Apache HTTP Server Project". 15 June 1997. Archived from the original on 15 June 1997.
- ^ "SPZAP (a.k.a. Superzap): Dynamically update programs or data". IBM Knowledge Center. Archived from the original on 2020-05-24. Retrieved 2020-02-23.
- ^ Barwise, Mike (2007-10-16). "Unofficial patch for Windows URI problem". The H Security. Archived from the original on 2021-04-29. Retrieved 2012-01-29.
- ^ "Another unofficial IE patch offered to counter critical flaw". Computer Weekly. 2006-03-30. Archived from the original on 2021-05-02. Retrieved 2013-07-09.
Another unofficial patch has been released to counter a critical flaw in Microsoft's Internet Explorer browser.
- ^ Wen, Howard (2004-06-10). "Keeping the Myths Alive". linuxdevcenter.com. Archived from the original on 2013-04-06. Retrieved 2012-12-22.
[...]fans of the Myth trilogy have taken this idea a step further: they have official access to the source code for the Myth games. Organized under the name MythDevelopers, this all-volunteer group of programmers, artists, and other talented people devote their time to improving and supporting further development of the Myth game series.
- ^ Bell, John (2009-10-01). "Opening the Source of Art". Technology Innovation Management Review. Archived from the original on 2014-03-30. Retrieved 2012-12-30.
[...]that no further patches to the title would be forthcoming. The community was predictably upset. Instead of giving up on the game, users decided that if Activision wasn't going to fix the bugs, they would. They wanted to save the game by getting Activision to open the source so it could be kept alive beyond the point where Activision lost interest. With some help from members of the development team that were active on fan forums, they were eventually able to convince Activision to release Call to Power II's source code in October of 2003.
- ^ "Oracle Magazine". Oracle.com. Archived from the original on 2008-05-14. Retrieved 2013-01-04.
- ^ "Live patching the Linux kernel". Archived from the original on 2020-10-28. Retrieved 2020-10-25.
- ^ "Linux Kernel Live Patching: What It is and Who Needs It". 6 March 2020. Archived from the original on 28 October 2020. Retrieved 25 October 2020.
- ^ "Hot or Not? The Benefits and Risks of iOS Remote Hot Patching « Threat Research Blog". FireEye. Archived from the original on 2016-10-26. Retrieved 2016-10-26.
- ^ Perez, Sarah (22 September 2015). "Rollout.io Puts Mobile Developers Back In Control Of Their Apps". TechCrunch. Archived from the original on 2016-11-27. Retrieved 2016-10-26.
- ^ "bang590/JSPatch". GitHub. Archived from the original on 2017-01-04. Retrieved 2016-10-26.
- ^ "Hot Patching SQL Server Engine in Azure SQL Database". Techcommunity Microsoft. 2019-09-11. Archived from the original on 2019-09-13. Retrieved 2019-09-15.
- PC Magazine. Ziff Davis. Archived from the original on 9 January 2018. Retrieved 7 September 2017.
- ^ Thurrott, Paul (7 May 2008). "Slipstreaming Windows XP with Service Pack 3 (SP3)". Supersite for Windows. Penton. Archived from the original on 11 December 2016. Retrieved 3 December 2016.
- ^ Thomson, Iain. "Virus (cough, cough, Petya) goes postal at FedEx, shares halted". The Register. Archived from the original on 1 July 2017. Retrieved 29 June 2017.
- ^ "New Petya Distribution Vectors Bubbling to Surface". Threatpost. 28 June 2017. Archived from the original on 28 June 2017. Retrieved 29 June 2017.
- ^ "Deterministic Builds Part One: Cyberwar and Global Compromise | The Tor Blog". blog.torproject.org. Archived from the original on 23 June 2017. Retrieved 11 July 2017.
- ISBN 978-1598637656. Retrieved 11 July 2017.
- ^ Magazines, S. P. H. (2007). HWM. SPH Magazines. Retrieved 11 July 2017.
External links
- The Jargon File entry for patch
- A detailed masters dissertation dealing with security patches
- Official Linux kernel patch format
- 0-Day Patch - Exposing Vendors (In)security Performance. Archived 2014-01-31 at the Wayback Machine. A metric comparing patch performance of Microsoft and Apple.