diff --git a/Changes b/Changes
index 24d38eccb..3d59db11c 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,12 @@
Revision history for GLPI agent
+1.7.2 not yet released
+
+packaging:
+* [SECURITY] Fix CVE-2024-28241: A local user could modify the GLPI-Agent installation
+ to gain higher privileges, but only when GLPI Agent is not installed in the default
+ installation folder
+
1.7.1 Fri, 22 Dec 2023
core:
diff --git a/Makefile.PL b/Makefile.PL
index 01fdd76c1..d45d02791 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -14,7 +14,7 @@ include 'Module::AutoInstall';
abstract 'GLPI unified Agent for UNIX, Linux, Windows and MacOSX';
license 'gpl';
repository 'https://github.com/glpi-project/glpi-agent';
-version '1.7.1';
+version '1.7.2-dev';
perl_version '5.008';
authors 'Teclib Editions';
diff --git a/contrib/windows/glpi-agent-packaging.pl b/contrib/windows/glpi-agent-packaging.pl
index 70e999df7..60bf4b3a8 100644
--- a/contrib/windows/glpi-agent-packaging.pl
+++ b/contrib/windows/glpi-agent-packaging.pl
@@ -398,7 +398,16 @@ sub _tree2xml {
# see: http://stackoverflow.com/questions/10358989/wix-using-keypath-on-components-directories-files-registry-etc-etc
$feat = $self->_get_dir_feature($dir_id);
$result .= $ident ." ". qq[\n];
- $result .= $ident ." ". qq[ \n];
+ if ($dir_id eq 'd_install') {
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ } else {
+ $result .= $ident ." ". qq[ \n];
+ }
if ($dir_id eq 'd_var') {
$result .= $ident ." ". qq[ \n];
} elsif ($dir_id eq 'd_etc') {
@@ -411,11 +420,16 @@ sub _tree2xml {
$result .= $ident ." ". qq[\n];
# Also add virtual folder properties under d_install
if ($dir_id eq 'd_install') {
- foreach my $id (qw(_LOCALDIR)) {
+ foreach my $id (qw(LOCAL)) {
$result .= $ident ." ". qq[\n];
($component_id, $component_guid) = $self->_gen_component_id(lc($id).".create");
$result .= $ident ." ". qq[\n];
- $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
+ $result .= $ident ." ". qq[ \n];
$result .= $ident ." ". qq[ \n];
$result .= $ident ." ". qq[\n];
$result .= $ident ." ". qq[\n];
diff --git a/contrib/windows/packaging/MSI_main-v2.wxs.tt b/contrib/windows/packaging/MSI_main-v2.wxs.tt
index eba3aa442..44c467c8f 100644
--- a/contrib/windows/packaging/MSI_main-v2.wxs.tt
+++ b/contrib/windows/packaging/MSI_main-v2.wxs.tt
@@ -436,6 +436,12 @@
+
+
+
+
+
+
@@ -448,6 +454,13 @@
+
+
+
+ "" AND NOT LOCAL>>"\" AND NOT REMOVE~="ALL"]]>
+ "" AND NOT REMOVE~="ALL"]]>
+ "" AND NOT REMOVE~="ALL"]]>
+
diff --git a/lib/GLPI/Agent/Version.pm b/lib/GLPI/Agent/Version.pm
index 0dbd6cee6..918dedf1f 100644
--- a/lib/GLPI/Agent/Version.pm
+++ b/lib/GLPI/Agent/Version.pm
@@ -3,7 +3,7 @@ package GLPI::Agent::Version;
use strict;
use warnings;
-our $VERSION = "1.7.1";
+our $VERSION = "1.7.2-dev";
our $PROVIDER = "GLPI";
our $COMMENTS = [];
@@ -31,5 +31,5 @@ agent issue is reported.
One very useful information should be first defined like in that example:
our $COMMENTS = [
- "Based on GLPI Agent 1.7.1"
+ "Based on GLPI Agent 1.7.2-dev"
];