* keyserver.c (keyserver_spawn): Assert that we have dropped privs.

* pubkey-enc.c (get_session_key): Check that the public key
algorithm is indeed usable for en/decryption.  This avoid a
strange error message from pubkey_decrypt if for some reasons a
bad algorithm indentifier is passed.
* hkp.c (hkp_export): Do not print possible control characters
from a keyserver response.
(parse_hkp_index): Made uid an unsigned char* because it is passed to
isspace().
(hkp_search): Ditto for the char* vars.
* g10.c (main): Print the IDEA warning also for -c and -se.
* g10.c (get_temp_dir): Assert that we have dropped privs
* encode.c (encode_crypt): Include the first key into the --pgp2
check.

g10/g10.c

@@ -1285,7 +1285,8 @@ main( int argc, char **argv )
 	opt.force_v3_sigs = 1;
 	opt.pgp2_workarounds = 1;
 	opt.def_cipher_algo = CIPHER_ALGO_IDEA;
-	if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
+	if( (cmd==aEncr || cmd==aSym || cmd==aSignEncr)
+            && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
 	  log_info(_("Encrypting a message to a PGP 2.x user requires "
 		     "the IDEA cipher module.\n"));
 	  log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
@@ -2110,10 +2111,18 @@ check_policy_url( const char *s )
     return 0;
 }
 
-const char *get_temp_dir(void)
+const char *
+get_temp_dir(void)
 {
   char *tmp;
 
+#ifndef __MINGW32__
+  /* Don't allow to be setuid when we are going to create temporary
+     files or directories - yes, this is a bit paranoid */
+  if (getuid() != geteuid() )
+      BUG ();
+#endif
+
   if(opt.temp_dir)
     return opt.temp_dir;