diff --git a/CHANGES b/CHANGES index 4da6f6a7..3a755f27 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ 04 Feb 2010 - 2.5.12 -------------------- + * Fixed SecUploadFileMode to set the correct mode. + * Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions. * Added additional file info definitions introduced in APR 0.9.5 so that diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index 83cb996e..153d5cb1 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -543,7 +543,7 @@ void init_directory_config(directory_config *dcfg) if (dcfg->upload_dir == NOT_SET_P) dcfg->upload_dir = NULL; if (dcfg->upload_keep_files == NOT_SET) dcfg->upload_keep_files = KEEP_FILES_OFF; if (dcfg->upload_validates_files == NOT_SET) dcfg->upload_validates_files = 0; - if (dcfg->upload_filemode == NOT_SET) dcfg->upload_filemode = mode2fileperms(0600); + if (dcfg->upload_filemode == NOT_SET) dcfg->upload_filemode = 0600; if (dcfg->upload_file_limit == NOT_SET) dcfg->upload_file_limit = 100; /* Misc */ diff --git a/apache2/configure b/apache2/configure index 6ce66af0..a58eaf34 100755 --- a/apache2/configure +++ b/apache2/configure @@ -4195,7 +4195,7 @@ test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in esac -for ac_func in atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol +for ac_func in atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol fchmod do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" diff --git a/apache2/configure.in b/apache2/configure.in index 57b0c7cf..1eb935c5 100644 --- a/apache2/configure.in +++ b/apache2/configure.in 
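Review bot: In apache2/apache2_config.c the default for `upload_filemode` becomes the raw octal `0600` instead of a `mode2fileperms(0600)` result, but nothing at the assignment says which representation the field now holds. The msc_util.c hunk in this commit hands a `mode` argument straight to `fchmod()`/`open()`, and presumably this is the value that reaches it. If so, any path that still stores a `mode2fileperms()` result here would apply the wrong permission bits to uploaded files; the directive handler and the config merge are not visible in this diff, so that is worth confirming. I would add a comment on this line such as `/* POSIX mode bits, passed to fchmod()/open() as-is; not APR fileperms */`. init_directory_config starts and ends outside the hunk.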
@@ -40,7 +40,7 @@ AC_TYPE_UINT8_T # Checks for library functions. AC_FUNC_MALLOC AC_FUNC_MEMCMP -AC_CHECK_FUNCS([atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol]) +AC_CHECK_FUNCS([atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol fchmod]) # Some directories MSC_BASE_DIR=`pwd` diff --git a/apache2/mod_security2_config.h.in b/apache2/mod_security2_config.h.in index 6e740e08..95957bb5 100644 --- a/apache2/mod_security2_config.h.in +++ b/apache2/mod_security2_config.h.in @@ -3,6 +3,9 @@ /* Define to 1 if you have the `atexit' function. */ #undef HAVE_ATEXIT +/* Define to 1 if you have the `fchmod' function. */ +#undef HAVE_FCHMOD + /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c index c520ca84..692dac82 100644 --- a/apache2/msc_multipart.c +++ b/apache2/msc_multipart.c @@ -457,8 +457,10 @@ static int multipart_process_part_data(modsec_rec *msr, char **error_msg) { msr->mpd->nfiles++; if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Multipart: Created temporary file %d: %s", + msr_log(msr, 4, + "Multipart: Created temporary file %d (mode %04o): %s", msr->mpd->nfiles, + (unsigned int)msr->txcfg->upload_filemode, log_escape_nq(msr->mp, msr->mpd->mpp->tmp_file_name)); } } diff --git a/apache2/msc_util.c b/apache2/msc_util.c index 0b29d57f..51b3f59d 100644 --- a/apache2/msc_util.c +++ b/apache2/msc_util.c @@ -16,15 +16,16 @@ * directly using the email address support@breach.com. * */ -#include "msc_release.h" -#include "msc_util.h" - #include #include #include #include #include +#include "mod_security2_config.h" +#include "msc_release.h" +#include "msc_util.h" + #include /** 
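Review bot: The new debug message in apache2/msc_multipart.c prints the configured `msr->txcfg->upload_filemode`, not the mode the temporary file actually has. In the msc_util.c hunk of this commit the `fchmod()` call is compiled only under `HAVE_FCHMOD` and is skipped when `mode` is 0, so in those cases the log would report a mode that was never applied, which can mislead anyone auditing upload permissions from the debug log. Either word the message as `"Multipart: Created temporary file %d (requested mode %04o): %s"` or log the mode obtained from `fstat()` on the new descriptor. multipart_process_part_data starts and ends outside the hunk.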
@@ -435,14 +436,25 @@ char *current_filetime(apr_pool_t *mp) { * */ int msc_mkstemp_ex(char *template, int mode) { + int fd = -1; + /* ENH Use apr_file_mktemp instead. */ - #if !(defined(WIN32)||defined(NETWARE)) - return mkstemp(template); - #else +#if !(defined(WIN32)||defined(NETWARE)) + fd = mkstemp(template); +#ifdef HAVE_FCHMOD + if ((fd != -1) && (mode != 0)) { + if (fchmod(fd, mode) == -1) { + return -1; + } + } +#endif /* HAVE_FCHMOD */ +#else if (mktemp(template) == NULL) return -1; - return open(template, O_WRONLY | O_APPEND | O_CREAT | O_BINARY, mode); - #endif + fd = open(template, O_WRONLY | O_APPEND | O_CREAT | O_BINARY, mode); +#endif /* !(defined(WIN32)||defined(NETWARE)) */ + + return fd; } /**
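Review bot: When `fchmod(fd, mode)` fails in msc_mkstemp_ex, the function returns -1 without closing `fd` or removing the file `mkstemp()` just created, so each failure leaks a descriptor and leaves a temporary upload file on disk. The failure branch should release both before returning: `close(fd); unlink(template); return -1;` (saving `errno` around the cleanup if callers report it). Where `HAVE_FCHMOD` is undefined the `mode` argument is silently ignored on this path; a short comment stating that the file then keeps whatever mode `mkstemp()` gave it would make that explicit. The WIN32/NETWARE branch opens the `mktemp()` name with `O_CREAT` but without `O_EXCL`, so it will open a file that already exists under that name; adding `O_EXCL` makes creation fail instead.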