From fdb896a6c199eea3197144b382a70e610b683702 Mon Sep 17 00:00:00 2001
From: Caolán McNamara
Date: Jun 18 2020 08:49:37 +0000
Subject: Resolves: CVE-2020-12802 improve docx steathmode import
---
diff --git a/0001-use-the-LinkManager-persist-to-determine-the-Referer.patch b/0001-use-the-LinkManager-persist-to-determine-the-Referer.patch
new file mode 100644
index 0000000..fb59d1a
--- /dev/null
+++ b/0001-use-the-LinkManager-persist-to-determine-the-Referer.patch
@@ -0,0 +1,47 @@
+From 7d55207ec310956e5bd05aa5901a9f7ff9e53492 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?=
+Date: Mon, 11 May 2020 17:02:50 +0100
+Subject: [PATCH] use the LinkManager persist to determine the Referer
+
+Change-Id: I4e93878972492a93af368ffa0560412132431a24
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94061
+Tested-by: Jenkins
+Reviewed-by: Stephan Bergmann
+(cherry picked from commit 3ee652e1c18186a5de47797aa4b02defcb29c210)
+---
+ svx/source/svdraw/svdograf.cxx | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/svx/source/svdraw/svdograf.cxx b/svx/source/svdraw/svdograf.cxx
+index d7fa90ba0bd3..8cfe94a3bc4e 100644
+--- a/svx/source/svdraw/svdograf.cxx
++++ b/svx/source/svdraw/svdograf.cxx
+@@ -19,8 +19,10 @@
+
+ #include
+
++#include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -108,8 +110,13 @@ SdrGraphicLink::SdrGraphicLink(SdrGrafObj& rObj)
+ {
+ sfx2::LinkManager::GetDisplayNames( this, nullptr, &rGrafObj.aFileName, nullptr, &rGrafObj.aFilterName );
+
++ OUString sReferer(getReferer());
++ SfxObjectShell * sh = pLinkManager->GetPersist();
++ if (sh != nullptr && sh->HasName())
++ sReferer = sh->GetMedium()->GetName();
++
+ Graphic aGraphic;
+- if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, getReferer(), aGraphic, nullptr))
++ if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, sReferer, aGraphic, nullptr))
+ {
+ rGrafObj.ImpSetLinkedGraphic(aGraphic);
+ }
+--
+2.25.4
+
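Review bot: In the second svdograf.cxx hunk the new `sh->GetMedium()->GetName()` dereferences the medium without a null check; `HasName()` returning true does not by itself show that `GetMedium()` is non-null, and `pLinkManager` is likewise used unchecked on the line before. I would tighten the guard to `if (sh != nullptr && sh->HasName() && sh->GetMedium() != nullptr)` and, unless the part of the function outside the hunk already guarantees it, test `pLinkManager` before calling `GetPersist()`. This referer is presumably what the trust decision for fetching the linked graphic is evaluated against, so a short comment such as `// use the owning document's URL as Referer so the link is checked against the document's location` would record why `getReferer()` alone was not enough. The enclosing function starts and ends outside the hunk.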
diff --git a/libreoffice.spec b/libreoffice.spec index 7c50286..f9b8855 100644 --- a/libreoffice.spec +++ b/libreoffice.spec @@ -248,6 +248,7 @@ Patch6: 0001-rhbz-1820868-deref-of-null-xLayoutManager.patch Patch7: 0001-Resolves-tdf-132288-don-t-merge-adjacent-properties-.patch Patch8: 0001-Keep-order-of-GDK-input-events-intact.patch Patch9: 0001-limit-forms-to-http-s.patch +Patch10: 0001-use-the-LinkManager-persist-to-determine-the-Referer.patch %if 0%{?rhel} # not upstreamed @@ -2153,6 +2154,7 @@ done %changelog * Thu Jun 18 2020 Caolán McNamara - 1:6.3.6.2-4 - Resolves: rhbz#1848347 CVE-2020-12803 limit forms to http[s] +- Resolves: CVE-2020-12802 improve docx steathmode import * Thu May 14 2020 Caolán McNamara - 1:6.3.6.2-3 - Related: rhbz#1377293 Keep order of GDK input events intact