What is an OS X "Patch" versus an "Update"

Hi Robert Paris;

A patch repair the system file where the code for bug is located. Whereas an update replaces the whole file. Hence the patch can be smaller then the update. But some time an update will fix problems that a patch is not able to. Hence the reason why you see the recommendation to use the Combo Update if someone has problems with the Delta Update.

Allan

there is no difference. you are worrying about wrong things. full combo update is bigger because it combines all previous point updates. it's certainly ok to use automatic software update which installs incremental updates. that's the default and that's what most people do. the important thing is to have a full working backup before any update. that applies regardless of whether you use a combo or a delta update.

I didn't get a patch option for 10.5.6, but in the past, the "patch" versions of upgrades didn't contain full copies of files -- they presumably contain pieces of any updated files, which the installer somehow manages to merge with the existing file to generate a fully updated copy. Since they don't contain all of the whole files, the "patch" updates can be considerably smaller than the regular "delta" update which does.

A "combo" update is something else entirely -- whereas both the "patch" and "delta" updates usually released by Apple are "incremental" updates (eg. in Leopard, only bumping up the version by one 10.5.x version), a "combo" update of eg. Leopard can be used to upgrade from any previous version of 10.5. Since they contain full copies of any file updated to date, a "combo" update will naturally be the largest of the three.

Since I haven't been able to examine a recent "patch" update, I can't say whether or not this is still true, but one consequence of the "patch" mechanism in earlier patches was that temporary files were created where the contents of the update are first expanded, prior to patching of the existing file. This intermediate step wasn't accounted for correctly while updating the permissions repair database, resulting in spurious messages about "SUID" files being modified. Furthermore, this flaw could be exploited by an unprivileged "standard" user to create a situation that could result in them being granted "root" privileges.

Again, I can't confirm that this problem still exists, but if it hasn't been fixed, then it would be advisable to avoid "patch" updates if you are in charge of administering a computer shared by users that aren't fully trusted, such as in a school situation.

Hi Robert Paris;

I like to keep things simple. So I do the delta update first and test it. If everything tests good, I am done. If not, then I do the combo update and test. If everything tests good, I am done. If not, I fall back to my clone and figure out why I am having problems.

So far for me the first step has always worked.

Allan

Jumping in late, but here's my take on things, using 10.5.6 as the example:

patch a tailored delta install of an update for your machine, that only applies if you're running the previous latest update (10.5.5 in this case).

*Mac OS X 10.5.6 Update* universal update for all machines running 10.5.5.

*Mac OS X 10.5.6 Combo Update* universal update for all machines running 10.5.0 or later (up to 10.5.5).

As for which to use, see http://discussions.apple.com/message.jspa?messageID=8646043, for starters. I usually beta-test the updates and when it goes golden (i.e., is available for everyone), I run the COMBO update on a clone of my pristine previous system just to check it out. If that works without any issues, I eventually replace all of my backups with a clone of the one I ran the COMBO on.

Thanks for the feedback. Good computing.

baltwo wrote:
patch a tailored delta install of an update for your machine, that only applies if you're running the previous latest update (10.5.5 in this case).

Are you sure the patch version is machine-specific? I downloaded the 10.5.6 update via Software Update's "Download Only" option using my iMac G5, which put a 190.9 MB "MacOSXUpd10.5.6Patch.pkg" file into ~/Downloads/, & used that to update both the G5 & my MacBook. (Details are at http://discussions.apple.com/thread.jspa?messageID=8647967&#8647967.)

The two Macs are quite different, yet the 10.5.6 patch file seems to have successfully updated both of them with no problem.

It's probably a good thing that you didn't proceed to install the patch - it was probably an incomplete download. A quick review of the web strongly suggests that 190MB is the correct size for the 10.5.6 "patch" but many users are reporting incomplete downloads somehow passing the checksum validation, but failing to update.

Apple even has a technote on the issue, implicitly acknowledging that "Software Update" has a checksum verification bug:
http://support.apple.com/kb/TS2383

The Apple article suggests (more or less) that the issue can be avoided by downloading the update first, then doing the install afterwards. This is in effect what I did by choosing the "Download only" option in Software Update -- the download went into /Library/Downloads but was not installed. Later, when I ran Software Update again on the G5, it used that downloaded file to do the update rather than downloading a new copy.

I don't know if I had used the normal 'install now' method that I would have been struck by this bug in which a partial download is attempted to be installed, but the "Download only" option certainly seems to be one way to avoid it: just wait until the file appears in /Library/Downloads, check its size, & then click the install button in Software Update.

Also, I agree that from everything I can find, the final size should be 190.9 MB (which implies this is not a model-specific patch). But if there is any doubt in your mind about this, you can instead download the delta or combo versions manually from Apple's downloads site.