A patch is data that is intended to be used to modify an existing software resource such as a program or a file, often to fix bugs and security vulnerabilities.
Typically, a patch needs to be applied to the specific version of the resource it is intended to modify, although there are exceptions.
Patching allows for modifying a compiled (machine language) program when the source code is unavailable.
Patches for proprietary software are typically distributed as executable files instead of source code.
Inline patches pose no difficulty, but when additional memory space is needed the programmer must improvise.
Savvy programmers plan in advance for this need by reserving memory for later expansion, left unused when producing their final iteration.
Other programmers not involved with the original implementation, seeking to incorporate changes at a later time, must find or make space for any additional bytes needed.
Typical tactics include shortening code by finding more efficient sequences of instructions (or by redesigning with more efficient algorithms), compacting message strings and other data areas, externalizing program functions to mass storage (such as disk overlays), or removal of program features deemed less important than the changes to be installed with the patch.
In this case, the patches usually consist of textual differences between two source code files, called "diffs".
Starting with Apple's Mac OS 9 and Microsoft's Windows ME, PC operating systems gained the ability to get automatic software updates via the Internet.
Service packs for Microsoft Windows NT and its successors and for many commercial software products adopt such automated strategies.
In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency.
In particular, patches can become quite large when the changes add or replace non-program data, such as graphics and sound files.
In the case of operating systems and computer server software, patches have the particularly important role of fixing security holes.
Package management systems can offer various degrees of patch automation.
Usage of completely automatic updates has become far more widespread in the consumer market, due largely to the fact that Microsoft Windows added support for them
Cautious users, particularly system administrators, tend to put off applying patches until they can verify the stability of the fixes.
It is possible for motherboard manufacturers to put safeguards in place to prevent serious damage; for example, the update procedure could make and keep a backup of the firmware to use in case it determines that the primary copy is corrupt (usually through the use of a checksum, such as a CRC).
These patches may be prompted by the discovery of exploits in the multiplayer game experience that can be used to gain unfair advantages over other players.
Computer Gaming World's Scorpia in 1994 denounced "companies—too numerous to mention—who release shoddy product knowing they can get by with patches and upgrades, and who make 'pay-testers' of their customers".
[6] Patches sometimes become mandatory to fix problems with libraries or with portions of source code for programs in frequent use or in maintenance.
The FAQ on the project's official site states that the name 'Apache' was chosen from respect for the Native American Indian tribe of Apache.
Blizzard Entertainment, however, defines a hotfix as "a change made to the game deemed critical enough that it cannot be held off until a regular content patch".
In 2017, companies were struck by ransomware called WannaCry, which encrypts files in certain versions of Microsoft Windows and demands a ransom via Bitcoin.
Companies often release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit, or when the software release has been shown to be stabilized with a limited number of remaining issues based on users' feedback and bug tracking such as Bugzilla.
[18] Cloud providers often use hot patching to avoid downtime for customers when updating underlying infrastructure.
[22][23] On the Tor Blog, cybersecurity expert Mike Perry states that deterministic, distributed builds are likely the only way to defend against malware that attacks the software development and build processes to infect millions of machines in a single, officially signed, instantaneous update.
Applications like Synaptic use cryptographic checksums to verify source/local files before they are applied to ensure fidelity against malware.
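
The two checks described above, a CRC that detects a corrupt primary firmware copy so the backup can be used, and a cryptographic checksum verified before a file is applied, can be sketched as follows. This is an added example, not code from any firmware vendor or from Synaptic; the function names, the two-slot layout and the sample bytes are assumptions constructed for illustration, and the trusted digest is assumed to come from a separately authenticated source such as a signed package index.

```python
import hashlib
import hmac
import zlib

def crc_ok(image: bytes, stored_crc: int) -> bool:
    """Corruption check of the kind a firmware updater can run (CRC-32)."""
    return zlib.crc32(image) & 0xFFFFFFFF == stored_crc

def select_firmware(primary, backup):
    """Each slot is (image, stored_crc); use the backup if the primary is corrupt."""
    for name, (image, crc) in (("primary", primary), ("backup", backup)):
        if crc_ok(image, crc):
            return name, image
    raise RuntimeError("both firmware copies are corrupt")

def digest_ok(payload: bytes, trusted_sha256_hex: str) -> bool:
    """Compare the payload's SHA-256 with a digest from a trusted index."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, trusted_sha256_hex.lower())

def apply_patch(payload: bytes, trusted_sha256_hex: str, install) -> bool:
    """Call install(payload) only when the digest matches; report the outcome."""
    if not digest_ok(payload, trusted_sha256_hex):
        return False
    install(payload)
    return True

# Constructed sample data (not a real firmware image or package).
GOOD = b"FIRMWARE v2 " + bytes(range(64))
GOOD_CRC = zlib.crc32(GOOD)
GOOD_SHA256 = hashlib.sha256(GOOD).hexdigest()

def demo() -> dict:
    flipped = bytearray(GOOD)
    flipped[20] ^= 0x01  # accidental single-bit corruption of the primary copy
    slot, _ = select_firmware((bytes(flipped), GOOD_CRC), (GOOD, GOOD_CRC))
    # A modified file whose CRC was recomputed and shipped alongside it.
    tampered = GOOD + b"extra"
    tampered_crc = zlib.crc32(tampered)
    installed = []
    return {
        "slot": slot,
        "crc_accepts_tampered": crc_ok(tampered, tampered_crc),
        "sha_accepts_tampered": apply_patch(tampered, GOOD_SHA256, installed.append),
        "sha_accepts_good": apply_patch(GOOD, GOOD_SHA256, installed.append),
        "installed": installed,
    }

if __name__ == "__main__":
    print(demo())
```

The CRC catches the bit flip and triggers the fallback, but it accepts the modified file because the checksum travelled with it; only the digest obtained independently of the file rejects the change.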