From 1fc728df3fa7da045d380329797ac29e541eedab Mon Sep 17 00:00:00 2001
From: Fred Gleason <fredg@paravelsystems.com>
Date: Fri, 24 Jan 2025 18:13:53 -0500
Subject: [PATCH] 2025-01-24 Fred Gleason <fredg@paravelsystems.com> 	*
 Fixed a bug in the WebGet service that caused uploads to fail when 	using
 an Apache package with 'PrivateTmp=true' set in it's Systemd 	service
 definition.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
---
 ChangeLog                    | 4 ++++
 lib/rdformpost.cpp           | 7 ++++++-
 systemd/rivendell.service.in | 3 ++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9450583a..d04acb77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24950,3 +24950,7 @@
 2025-01-23 Fred Gleason <fredg@paravelsystems.com>
 	* Fixed a bug in 'RDPam' that could cause a segfault when processing
 	an authentication.
+2025-01-24 Fred Gleason <fredg@paravelsystems.com>
+	* Fixed a bug in the WebGet service that caused uploads to fail when
+	using an Apache package with 'PrivateTmp=true' set in it's Systemd
+	service definition.
diff --git a/lib/rdformpost.cpp b/lib/rdformpost.cpp
index c8da5de4..5c72fdd0 100644
--- a/lib/rdformpost.cpp
+++ b/lib/rdformpost.cpp
@@ -96,6 +96,10 @@ RDFormPost::RDFormPost(RDFormPost::Encoding encoding,bool auto_delete)
     post_error=RDFormPost::ErrorNoTempDir;
     return;
   }
+  if(chmod(post_tempdir->path().toUtf8(),0755)!=0) {
+    post_error=RDFormPost::ErrorNoTempDir;
+    return;
+  }
 
   //
   // (Perhaps) autodetect the encoding type
@@ -746,7 +750,8 @@ bool RDFormPost::GetMimePart(QString *name,QString *value,bool *is_file,
 	    }
 	    if(f2[0]=="filename") {
 	      *value=post_tempdir->path()+"/"+f2[1].replace("\"","");
-	      fd=open(value->toUtf8(),O_WRONLY|O_CREAT,S_IRUSR|S_IWUSR);
+	      fd=open(value->toUtf8(),O_WRONLY|O_CREAT,
+		      S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 	      *is_file=true;
 	    }
 	  }
diff --git a/systemd/rivendell.service.in b/systemd/rivendell.service.in
index 772ecd20..80146ea5 100644
--- a/systemd/rivendell.service.in
+++ b/systemd/rivendell.service.in
@@ -9,7 +9,8 @@ LimitNOFILE=4096
 Type=simple
 ExecStart=@prefix@/sbin/rdservice
 Environment=JACK_PROMISCUOUS_SERVER=audio
-PrivateTmp=false
+PrivateTmp=true
+JoinsNamespaceOf=@APACHE_PKG@
 Restart=always
 RestartSec=2
 StartLimitInterval=120