Index: gnupg-2.1.0/g10/plaintext.c
===================================================================
--- gnupg-2.1.0.orig/g10/plaintext.c	2014-11-07 11:35:18.100563974 +0100
+++ gnupg-2.1.0/g10/plaintext.c	2014-11-07 16:51:59.919347340 +0100
@@ -25,6 +25,7 @@
 #include <errno.h>
 #include <assert.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #ifdef HAVE_DOSISH_SYSTEM
 # include <fcntl.h> /* for setmode() */
 #endif
@@ -39,6 +40,9 @@
 #include "status.h"
 #include "i18n.h"
 
+/* define safe permissions for creating plaintext files */
+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
 
 /* Handle a plaintext packet.  If MFX is not NULL, update the MDs
  * Note: We should have used the filter stuff here, but we have to add
@@ -169,11 +173,15 @@ handle_plaintext (PKT_plaintext * pt, md
       log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
       goto leave;
     }
-  else if (!(fp = es_fopen (fname, "wb")))
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
-      goto leave;
+    else {
+	mode_t saved_umask = umask(GPG_SAFE_UMASK);
+	if( !(fp = es_fopen(fname,"wb")) ) {
+		err = gpg_error_from_syserror ();
+		log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+		umask(saved_umask);
+		goto leave;
+	}
+	umask(saved_umask);
     }
 #else /* __riscos__ */
   /* If no output filename was given, i.e. we constructed it, convert