Index: gnupg-2.1.12/g10/plaintext.c =================================================================== --- gnupg-2.1.12.orig/g10/plaintext.c 2016-05-04 11:43:16.000000000 +0200 +++ gnupg-2.1.12/g10/plaintext.c 2016-05-04 17:36:13.945784756 +0200 @@ -24,6 +24,7 @@ #include #include #include +#include #ifdef HAVE_DOSISH_SYSTEM # include /* for setmode() */ #endif @@ -38,6 +39,9 @@ #include "status.h" #include "i18n.h" +/* define safe permissions for creating plaintext files */ +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) +#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) /* Get the output filename. On success, the actual filename that is used is set in *FNAMEP and a filepointer is returned in *FP. @@ -145,11 +149,15 @@ get_output_file (const byte *embedded_na log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); goto leave; } - else if (!(fp = es_fopen (fname, "wb"))) - { - err = gpg_error_from_syserror (); - log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); - goto leave; + else { + mode_t saved_umask = umask(GPG_SAFE_UMASK); + if( !(fp = es_fopen(fname,"wb")) ) { + err = gpg_error_from_syserror (); + log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); + umask(saved_umask); + goto leave; + } + umask(saved_umask); } #else /* __riscos__ */ /* If no output filename was given, i.e. we constructed it, convert
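Review bot: The comment on `GPG_SAFE_PERMS` / `GPG_SAFE_UMASK` does not say what the macros guarantee, or where the guarantee stops. A umask only masks permission bits when a file is created, so an output file that already exists and is truncated by the `"wb"` open would keep whatever mode it had. Whether this path can reach an existing file is not visible in the hunk. I would spell this out, for example `/* Create plaintext output as 0600 (umask 0177). Only affects newly created files; an existing file keeps its mode. */`.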
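Review bot: The rewritten error branch in the third hunk changes the `log_error` call. It switches the message to the older backtick-apostrophe quoting and reports `strerror(errno)`, while the `is_secured_filename` branch just above and the removed code use `'%s'` with `gpg_strerror (err)`. The changed msgid will presumably stop matching existing translations, and `err` is computed but no longer used for the message. Keep the original line, `log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));`. Separately, `umask()` is process-wide, so the save/restore around `es_fopen` also affects any other thread that creates a file in that window. If the estream version in use accepts a `mode=` option in the fopen mode string (to be confirmed), passing the permissions there would avoid touching the umask. `get_output_file` begins and ends outside the hunk.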