Magento Patch – SUPEE-5994 – PEAR Error

magento_logoThere have been a series of Security issues recently.   The major systems that power the web Magento and WordPress have had critical vulnerabilities (wordpress) (magento).  I won’t go into the details of both, but the important part is that you need to patch your systems.

In particular Magento had 3 patches that need to be added to your system.  One covers the shoplift vulnerability and the others are necessary to keep a secure site.   You can obtain the patches here under the Patches section.

SUPEE-5994 – PEAR ERROR

I ran into an issue with the SUPEE-5994 Patch when installing on both a 1.9 and 1.7 system.   I wanted to share for those who may have the same challenges.  Here is the error I received.

ERROR: Patch can't be applied/reverted successfully.
can't find file to patch at input line 347
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git lib/PEAR/PEAR/PEAR.php lib/PEAR/PEAR/PEAR.php
|index b4633bf..e6f8edc 100644
|--- lib/PEAR/PEAR/PEAR.php
|+++ lib/PEAR/PEAR/PEAR.php
--------------------------

magento_patch2

Research Magento 5994 PEAR Error

After a bit of research I found that the issue was related to the PEAR folder not being present on all of the sites having issues.  I have not looked at why some of the Magento installs don’t have this folder /lib/PEAR, I will have to investigate a bit more.  Image of files missing from <rootfolder>/lib

Files Missing for /Lib folder
Files Missing for /Lib folder

Solution

To solve this error I was able to download the source for Magento , extract the files needed, upload to the server, and run the patch.  Here are the steps.

Download source from Magento.com, and select your version.  If you don’t know what version of magento you are running, it can be found at the bottom of the Admin page.

Extract the source code or just the /lib/PEAR folder structure, and move this folder and these files to your site.  I prefer to use FTP to make sure the proper folder owner and permissions are maintained.  If you are using SSH remember to chown the files properly as that site’s owner.

magento_files

Run the SUPEE-5994 patch

I tend to upload the patches to the sever and then mark them with the 755 permission to allow for all users to have access to the patch.   To run the patch execute this command

sh PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh

If the patch runs successfully you will see this output. “Patch was applied/reverted successfully

magento_success

Verify Patches

Last step I do is to validate that the patches are applied.  You can do this by checking a file on your site called /app/etc/applied.patches.listmagento_listpatch

more <siterootpath>/app/etc/applied.patches.list

This is the output of that file. Showing the patches installed (1533, 5344, 3941, and 5994)

magento_patch3

After this you should be all set.

External Test

Because of the severity of the vulnerability in Magento there is a great external test you can also use.  The Magento.com site has created a link to a test by the team (Byte)

The ShipLift bug is a very critical issue for Magento sites.  You can see from the graph at Byte.nl that there are still over 69k sites still not patched  at this time of writing.

Final Word

Take a few minutes, backup your site and run the patches.  I realize that Magento patches are not as easy as the WordPress upgrade / update process, but in reality they are not that hard.  Just patch and test so you are not one of the 69k sites that are prone to attack and vulnerability.

Leave a Comment