15 May

Magento Releases New Security Patch SUPEE-5994

At Prohost.be we highly encourage that you keep your Magento patched with all the latest security patches. This will help keep your Magento installation and customer data secure. To help we are providing you with simple directions and resources in order to apply the latest patch.

These directions only apply to Magento version 1.6.0.0 – 1.9.1.1

Downloading Patches

If you want to get the patch directly from Magento you should go their download page.

If you don’t want to sign into Magento and you want to directly download the file to your server to run. Then you can use the following command to download directly into your web directory.

cd /home/path_to_magento
wget https://downloads.prohost.be/PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh

This must be run from directly from your server since we limit access to these files to our¬†client server IP’s.

Applying Patch

Once you have the Patch file within your Magento Web Directory you will need to run it.
To do this you will need shell access to your server (preferably as the same user that has ownership of Magento file). If you don’t have access and don’t know how to setup then contact support to setup shell access.
Make sure your in the right directory by listing the files and checking for the PATCH file.

ls -l

If you aren’t in the correct directory you will want to change directories to your web directory.

cd /home/path_to_magento

If you aren’t sure your not sure which directory this command should help you find where it is relative to your current directory.

find ./ -name "Mage.php"

Now that you are in the correct directory you will want to apply the patch. To do this you just need to run the file.

chmod +x PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh
./PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh

Troubleshooting

Hunk FAILED

When applying the patch you may get errors similar to.

Hunk #[n] FAILED at [line].
1 out of 1 hunk FAILED -- saving rejects to file [file path].rej

Essentially this means that the existing file differed from it’s expected value. This likely means that the file was edited at some point.
The first reason could be that the patch was already applied. To check this you will watch to look in applied.patches.list. cat app/etc/applied.patches.list If the patch is listed in the output of that file then it has already been applied.
Otherwise to fix you will want to download your version of Magento and compare the file referenced at [file path] diff -y /home/path_to_default_magento/path_to_file /home/path_to_magento/path_to_file and copy Magento’s version of the file in it’s place. Later after the patch is applied you can revert any changes that you found in the diff.

Clean Up

Once a patch has been applied to your system your should remove the file from your system.

rm -f PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh

If for some reason you don’t want to remove from your system then you should at least remove executable permissions from the file.

chmod -x PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh

photo credit: Gesichert 2 via photopin (license)

Share this

Leave a reply

Leave a Reply