diff --git a/krb5-1.3-ftp-glob.patch b/krb5-1.3-ftp-glob.patch
index becaff0..1da3abf 100644
--- a/krb5-1.3-ftp-glob.patch
+++ b/krb5-1.3-ftp-glob.patch
@@ -1,31 +1,28 @@
 --- krb5-1.3/src/appl/gssftp/ftp/cmds.c
 +++ krb5-1.3/src/appl/gssftp/ftp/cmds.c
-@@ -99,6 +99,65 @@
+@@ -99,6 +99,62 @@
  static void quote1 (char *, int, char **);
  static char *dotrans (char *);
  static char *domap (char *);
-+static int checkglob(int fd, const char *pattern);
++static int checkglob(const char *filename, const char *pattern);
 +
 +/*
 + * pipeprotect: protect against "special" local filenames by prepending
-+ * "./". Special local filenames are "-" and "|..." AND "/...".
++ * "./". Special local filenames are "-" and any "filename" which begins
++ * with either "|" or "/".
 + */
 +static char *pipeprotect(char *name) 
 +{
-+	char *nu;
-+	if (strcmp(name, "-") && *name!='|' && *name!='/') {
++	static char nu[MAXPATHLEN];
++	if ((name == NULL) ||
++	    ((strcmp(name, "-") != 0) && (*name != '|') && (*name != '/'))) {
 +		return name;
 +	}
-+
-+	/* We're going to leak this memory. XXX. */
-+	nu = malloc(strlen(name)+3);
-+	if (nu==NULL) {
-+		perror("malloc");
-+		code = -1;
-+		return NULL;
-+	}
 +	strcpy(nu, ".");
 +	if (*name != '/') strcat(nu, "/");
++	if (strlen(nu) + strlen(name) >= sizeof(nu)) {
++		return NULL;
++	}
 +	strcat(nu, name);
 +	return nu;
 +}
@@ -60,13 +57,13 @@
 +		else if (name[i]=='/') gotdots = 0;
 +		else gotdots = -1;
 +	}
-+	name[len-1] = 0;
++	name[len-1] = '\0';
 +	return name;
 +}
  
  /*
   * `Another' gets another argument, and stores the new argc and argv.
-@@ -844,7 +903,15 @@
+@@ -844,7 +900,15 @@
  
  	if (argc == 2) {
  		argc++;
@@ -83,7 +80,7 @@
  		loc++;
  	}
  	if (argc < 2 && !another(&argc, &argv, "remote-file"))
-@@ -1016,8 +1083,19 @@
+@@ -1016,8 +1080,19 @@
  			if (mapflag) {
  				tp = domap(tp);
  			}
@@ -105,7 +102,7 @@
  			if (!mflag && fromatty) {
  				ointer = interactive;
  				interactive = 1;
-@@ -1045,8 +1123,8 @@
+@@ -1045,8 +1120,8 @@
  	static char buf[MAXPATHLEN];
  	static FILE *ftemp = NULL;
  	static char **args;
@@ -116,14 +113,15 @@
  
  	if (!mflag) {
  		if (!doglob) {
-@@ -1075,23 +1153,46 @@
+@@ -1075,23 +1150,46 @@
  			return (NULL);
  		}
  #else
 -		(void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
 -		temp[sizeof(temp) - 1] = '\0';
 -		(void) mktemp(temp);
-+		int oldumask, fd;
++		int fd;
++		mode_t oldumask;
 +		(void) strcpy(temp, _PATH_TMP);
 +
 +		/* libc 5.2.18 creates with mode 0666, which is dumb */
@@ -135,6 +133,7 @@
 +			printf("Error creating temporary file, oops\n");
 +			return NULL;
 +		}
++		close(fd);
  #endif /* !_WIN32 */
  		oldverbose = verbose, verbose = 0;
  		oldhash = hash, hash = 0;
@@ -145,40 +144,28 @@
 -			recvrequest ("NLST", temp, *argv, rmode, 0, 0);
 +
 +		while (*++argv != NULL) {
-+			int     dupfd = dup(fd);
-+
 +			recvrequest ("NLST", temp, *argv, "a", 0, 0);
-+			if (!checkglob(dupfd, *argv)) {
++			if (!checkglob(temp, *argv)) {
 +				badglob = 1;
 +				break;
 +			}
 +		}
-+		unlink(temp);
 +
  		if (doswitch) {
  			pswitch(!proxy);
  		}
  		verbose = oldverbose; hash = oldhash;
--		ftemp = fopen(temp, "r");
--		(void) unlink(temp);
+ 		ftemp = fopen(temp, "r");
+ 		(void) unlink(temp);
 +		if (badglob) {
 +			printf("Refusing to handle insecure file list\n");
-+			close(fd);
++			fclose(ftemp);
 +			return NULL;
 +		}
-+		ftemp = fdopen(fd, "r");
  #ifdef _WIN32
  		free(temp);
  		temp = NULL;
-@@ -1100,6 +1201,7 @@
- 			printf("can't find list of remote files, oops\n");
- 			return (NULL);
- 		}
-+		rewind(ftemp);
- 	}
- 	if (fgets(buf, sizeof (buf), ftemp) == NULL) {
- 		(void) fclose(ftemp), ftemp = NULL;
-@@ -1110,6 +1212,100 @@
+@@ -1110,6 +1208,105 @@
  	return (buf);
  }
  
@@ -222,7 +209,7 @@
 + *                                            --okir
 + */
 +static int
-+checkglob(int fd, const char *pattern)
++checkglob(const char *filename, const char *pattern)
 +{
 +	const char      *sp;
 +	char            buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
@@ -243,7 +230,12 @@
 +		dotdot[nrslash++] = isdotdotglob(sp);
 +	}
 +
-+	fp = fdopen(fd, "r");
++	fp = fopen(filename, "r");
++	if (fp == NULL) {
++		perror("fopen");
++		return 0;
++	}
++
 +	while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
 +		char    *sp;
 +
diff --git a/krb5.spec b/krb5.spec
index 5ff5905..3454eca 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -7,7 +7,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.3.5
-Release: 1
+Release: 2
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
 Source0: krb5-%{version}.tar.gz
@@ -117,6 +117,9 @@ network uses Kerberos, this package should be installed on every
 workstation.
 
 %changelog
+* Tue Nov 16 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-2
+- fix globbing patch port mode (#139075)
+
 * Mon Nov  1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-1
 - fix segfault in telnet due to incorrect checking of gethostbyname_r result
   codes (#129059)