diff --git a/.cvsignore b/.cvsignore
index a90ecca..f08b27d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -5,3 +5,5 @@ krb5-1.3.6.tar.gz
 krb5-1.3.6.tar.gz.asc
 krb5-1.4.tar.gz
 krb5-1.4.tar.gz.asc
+krb5-1.4.1.tar.gz
+krb5-1.4.1.tar.gz.asc
diff --git a/kadmin.sysconfig b/kadmin.sysconfig
index fa72039..fe76198 100644
--- a/kadmin.sysconfig
+++ b/kadmin.sysconfig
@@ -1 +1,2 @@
 KADMIND_ARGS=
+KRB5REALM=
diff --git a/kadmind.init b/kadmind.init
index 9bcf6d3..458c612 100755
--- a/kadmind.init
+++ b/kadmind.init
@@ -37,12 +37,12 @@ start() {
 	else
   	    if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
 		echo -n $"Extracting kadm5 Service Keys: "
-		/usr/kerberos/sbin/kadmin.local -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw" && success || failure
+		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
 		echo
 	    fi
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${kadmind} $KADMIND_ARGS
+	daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin
diff --git a/krb5-1.3-rlogind-environ.patch b/krb5-1.3-rlogind-environ.patch
index 6ff584f..e50cbbe 100644
--- a/krb5-1.3-rlogind-environ.patch
+++ b/krb5-1.3-rlogind-environ.patch
@@ -36,16 +36,16 @@ KRB5CCNAME, which we set ourselves.
          fatalperror(f, "failed make_sane_hostname");
      if (passwd_req)
 -        execl(login_program, "login", "-p", "-h", rhost_sane,
--          lusername, 0);
+-          lusername, (char *)NULL);
 +        execle(login_program, "login", "-p", "-h", rhost_sane,
 +          lusername, NULL, bare_environ);
      else
 -        execl(login_program, "login", "-p", "-h", rhost_sane,
--             "-f", lusername, 0);
+-             "-f", lusername, (char *)NULL);
 +        execle(login_program, "login", "-p", "-h", rhost_sane,
 +             "-f", lusername, NULL, bare_environ);
  #else /* USE_LOGIN_F */
--	execl(login_program, "login", "-r", rhost_sane, 0);
+-	execl(login_program, "login", "-r", rhost_sane, (char *)NULL);
 +	execle(login_program, "login", "-r", rhost_sane, NULL, bare_environ);
  #endif /* USE_LOGIN_F */
  	syslog(LOG_ERR, "failed exec of %s: %s",
diff --git a/krb5.spec b/krb5.spec
index 198dded..38a24d5 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -6,10 +6,10 @@
 
 Summary: The Kerberos network authentication system.
 Name: krb5
-Version: 1.4
-Release: 3
+Version: 1.4.1
+Release: 1
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@@ -60,7 +60,6 @@ Patch28: krb5-1.3.5-gethostbyname_r.patch
 Patch29: krb5-1.3.5-kprop-mktemp.patch
 Patch30: krb5-1.3.4-send-pr-tempfile.patch
 Patch32: krb5-1.4-ncurses.patch
-Patch33: krb5-MITKRB5SA-2005-001.patch
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
@@ -125,7 +124,11 @@ network uses Kerberos, this package should be installed on every
 workstation.
 
 %changelog
-# - XXX krb5_init_ets is gone now, what to do?
+* Fri May  6 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
+- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469
+- when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig
+  file for the service, pass it as an argument for the -r flag
+
 * Wed Mar 23 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4-3
 - drop krshd patch for now
 
@@ -815,9 +818,6 @@ workstation.
 %patch29 -p1 -b .kprop-mktemp
 %patch30 -p1 -b .send-pr-tempfile
 %patch32 -p1 -b .ncurses
-pushd src/appl/telnet/telnet
-%patch33 -p0 -b .MITKRB5SA-2005-001
-popd
 cp src/krb524/README README.krb524
 find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
 gzip doc/*.ps
@@ -980,7 +980,7 @@ fi
 
 %config(noreplace) /etc/xinetd.d/*
 
-%doc doc/krb5-user*.html doc/user*.ps.gz src/config-files/services.append
+%doc doc/krb5-user/*.html doc/user*.ps.gz src/config-files/services.append
 %doc doc/{ftp,kdestroy,kinit,klist,kpasswd,ksu,rcp,rlogin,rsh,telnet}.html
 %attr(0755,root,root) %doc src/config-files/convert-config-files
 %{_infodir}/krb5-user.info*
@@ -1059,9 +1059,9 @@ fi
 %config(noreplace) /etc/sysconfig/kadmin
 %config(noreplace) /etc/sysconfig/krb524
 
-%doc doc/admin*.ps.gz doc/krb5-admin*.html
-%doc doc/krb425*.ps.gz doc/krb425*.html
-%doc doc/install*.ps.gz doc/krb5-install*.html
+%doc doc/admin*.ps.gz doc/krb5-admin/*.html
+%doc doc/krb425*.ps.gz doc/krb425/*.html
+%doc doc/install*.ps.gz doc/krb5-install/*.html
 %doc README.krb524
 
 %{_infodir}/krb5-admin.info*
diff --git a/krb5kdc.init b/krb5kdc.init
index 5bdd42b..82b4088 100755
--- a/krb5kdc.init
+++ b/krb5kdc.init
@@ -32,7 +32,7 @@ start() {
 	    exit 0
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${krb5kdc} $KRB5KDC_ARGS
+	daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc
diff --git a/krb5kdc.sysconfig b/krb5kdc.sysconfig
index 791216d..1025f7e 100644
--- a/krb5kdc.sysconfig
+++ b/krb5kdc.sysconfig
@@ -1 +1,2 @@
 KRB5KDC_ARGS=
+KRB5REALM=
diff --git a/sources b/sources
index d85855d..78f536f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-64f54aaf2f791bc2d689e3ce07874116  krb5-1.4.tar.gz
-c46d18bf4c643692ee2bdac13b52ff95  krb5-1.4.tar.gz.asc
+872bb55e6877d43ac8dd05f46eed62a5  krb5-1.4.1.tar.gz
+d9778c6956ed2981fd1fcced5f9fec05  krb5-1.4.1.tar.gz.asc