cancel
Showing results for 
Search instead for 
Did you mean: 

Security patch 6788 (secrets leak) on 1.9.2.1

SOLVED

Security patch 6788 (secrets leak) on 1.9.2.1

HI folks,

 

Patched many installations of magento before and had very few issues.

 Getting the following error.

 sh PATCH_SUPEE-6788_CE_1.9.2.1_v1-2015-10-26-11-38-41.sh
Checking if patch can be applied/reverted successfully...
ERROR: Patch can't be applied/reverted successfully.

patching file .htaccess
Hunk #1 FAILED at 207.
1 out of 1 hunk FAILED -- saving rejects to file .htaccess.rej

 

Saw people saying on another forum post about 1.9.1 that it is fickle to customised htaccess files, so renamed my one andcopied over from the .htaccess.sample file. no good

Changed file owner to root just in case and made no difference

with and without a maintenance.flag file

without a .htaccess file

 

Line 207 is just +

 

The lines surrounding it look like

 

+++ .htaccess.sample
@@ -176,3 +176,27 @@

     #FileETag none

+###########################################
+## Deny access to cron.php
+    <Files cron.php>
+
+############################################
+## uncomment next lines to enable cron access with base HTTP authorization
+## http://httpd.apache.org/docs/2.2/howto/auth.html

 

Tried commenting out that line in the file.

 

Any help much appreciated.

 

phpinfo:

 

PHP Version 5.4.45

 

SystemLinux host.domain.com 2.6.32-358.18.1.el6.x86_64 #1 SMP Wed Aug 28 17:19:38 UTC 2013 x86_64
Build DateSep 30 2015 15:55:58
Server APICGI/FastCGI
5 REPLIES

Re: Security patch 6788 (secrets leak) on 1.9.2.1

Going to Magento Connect Manager and upgrading everything doesn't do the trick?

 

Do we apply the patch before or after the upgrade via Magento Connect Manager?

Re: Security patch 6788 (secrets leak) on 1.9.2.1

Tried all of the above as well. Still getting the same issue. I'm on the same version of magento. 

Re: Security patch 6788 (secrets leak) on 1.9.2.1

No as of this moment they haven't updated the downloader at https://www.magentocommerce.com/download to the latest version. The downloader, terminal updater and Magento connect all get the downloads from the same place. Othewise I would have updated to 1.9.2.2 already.

 

Re: Security patch 6788 (secrets leak) on 1.9.2.1

Okay so I have got it sorted out.

 

Basically, make sure you do the following.

 

Download 1.9.2.1 full download from the Release Archive page here https://www.magentocommerce.com/download

 

Copy full the /dev folder up to the server and overwirte what is there.

 

Rename your own htaccess file and copy both .htaccess and .htaccess.sample from the 1.9.2.1 download.

 then run the patch file.

 

Once it runs successfully, make sure you update your custom template files as per here. https://gist.github.com/gwillem/dd421fef3a6370097a93#file-6788-diff-L2518

 

change your admin and downloader dir names - https://support.hypernode.com/knowledgebase/how-to-protect-your-magento-store-against-brute-force/

 

And then start the process of cataloging all the extensions that need the  admin flag updating http://pastebin.com/n4Tp8R6R

 

Good luck everyone.

Re: Security patch 6788 (secrets leak) on 1.9.2.1

Magento Patch Security-patch-6788 - Updating from 1.9.2.1
 Full instructions
Download patch from https://www.magentocommerce.com/download

Upload via ftp to the root of your magento install

domain.com/httpdocs or domain.com/htdocs or similar

Download 1.9.2.1 full download from the Release Archive page here https://www.magentocommerce.com/download

Copy full the /dev folder up to your magento install and overwrite what is there.

Rename your own htaccess file and copy both .htaccess and .htaccess.sample from the 1.9.2.1 download.

then run the patch file.

Update your cron task.

check it - >crontab -l
edit it - >crontab -e

type ‘i’ to edit/insert

add in below line
*/5 * * * * php /var/www/vhosts/domain.com/httpdocs/cron.php

press escape (top left of keyboard)

type :wq (this means write file then quit)

screen should say ‘crontab: installing new crontab’

If you would like to monitor your cron tasks for a particular magento site, please check the following links.

https://blog.nexcess.net/2010/10/03/finding-the-status-of-magento-cron-jobs-tasks/
http://fbrnc.net/blog/2011/03/magento-cron-scheduler#hello


Once it runs successfully, make sure you update your custom template files as per here. https://gist.github.com/gwillem/dd421fef3a6370097a93#file-6788-diff-L2518

change your admin and downloader dir names or restrict via htaccess - https://support.hypernode.com/knowledgebase/how-to-protect-your-magento-store-against-brute-force/

And then start the process of cataloging all the extensions that need the  admin flag updating http://pastebin.com/n4Tp8R6R

Good luck everyone.