+++ /dev/null
-diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8
---- openssh-6.8p1/sftp-server.8.sftp-force-mode 2015-03-17 06:49:20.000000000 +0100
-+++ openssh-6.8p1/sftp-server.8 2015-03-18 13:18:05.898306477 +0100
-@@ -38,6 +38,7 @@
- .Op Fl P Ar blacklisted_requests
- .Op Fl p Ar whitelisted_requests
- .Op Fl u Ar umask
-+.Op Fl m Ar force_file_perms
- .Ek
- .Nm
- .Fl Q Ar protocol_feature
-@@ -138,6 +139,10 @@ Sets an explicit
- .Xr umask 2
- to be applied to newly-created files and directories, instead of the
- user's default mask.
-+.It Fl m Ar force_file_perms
-+Sets explicit file permissions to be applied to newly-created files instead
-+of the default or client requested mode. Numeric values include:
-+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
- .El
- .Pp
- On some systems,
-diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c
---- openssh-6.8p1/sftp-server.c.sftp-force-mode 2015-03-18 13:18:05.883306513 +0100
-+++ openssh-6.8p1/sftp-server.c 2015-03-18 13:18:36.697232193 +0100
-@@ -70,6 +70,10 @@ struct sshbuf *oqueue;
- /* Version of client */
- static u_int version;
-
-+/* Force file permissions */
-+int permforce = 0;
-+long permforcemode;
-+
- /* SSH2_FXP_INIT received */
- static int init_done;
-
-@@ -693,6 +697,10 @@ process_open(u_int32_t id)
- debug3("request %u: open flags %d", id, pflags);
- flags = flags_from_portable(pflags);
- mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
-+ if (permforce == 1) { /* Force perm if -m is set */
-+ mode = permforcemode;
-+ (void)umask(0); /* so umask does not interfere */
-+ }
- logit("open \"%s\" flags %s mode 0%o",
- name, string_from_portable(pflags), mode);
- if (readonly &&
-@@ -1495,7 +1503,7 @@ sftp_server_usage(void)
- fprintf(stderr,
- "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
- "[-l log_level]\n\t[-P blacklisted_requests] "
-- "[-p whitelisted_requests] [-u umask]\n"
-+ "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
- " %s -Q protocol_feature\n",
- __progname, __progname);
- exit(1);
-@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv,
- pw = pwcopy(user_pw);
-
- while (!skipargs && (ch = getopt(argc, argv,
-- "d:f:l:P:p:Q:u:cehR")) != -1) {
-+ "d:f:l:P:p:Q:u:m:cehR")) != -1) {
- switch (ch) {
- case 'Q':
- if (strcasecmp(optarg, "requests") != 0) {
-@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv,
- fatal("Invalid umask \"%s\"", optarg);
- (void)umask((mode_t)mask);
- break;
-+ case 'm':
-+ /* Force permissions on file received via sftp */
-+ permforce = 1;
-+ permforcemode = strtol(optarg, &cp, 8);
-+ if (permforcemode < 0 || permforcemode > 0777 ||
-+ *cp != '\0' || (permforcemode == 0 &&
-+ errno != 0))
-+ fatal("Invalid file mode \"%s\"", optarg);
-+ break;
- case 'h':
- default:
- sftp_server_usage();