From 91b438a2fc699be9e4b94f78110997e187d88c65 Mon Sep 17 00:00:00 2001
From: John W. Linville <linville@tuxdriver.com>
Date: Jun 06 2016 19:00:44 +0000
Subject: Add WPS patch for CVE-2016-4476


---

diff --git a/hostapd.spec b/hostapd.spec
index 9985bbc..98219f5 100644
--- a/hostapd.spec
+++ b/hostapd.spec
@@ -2,7 +2,7 @@
 
 Name:           hostapd
 Version:        2.5
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
 License:        BSD
 URL:            http://w1.fi/hostapd
@@ -13,6 +13,9 @@ Source2:        %{name}.conf
 Source3:        %{name}.sysconfig
 Source4:        %{name}.init
 
+# CVE-2016-4476 (not actually necessary, since WPS not enabled)
+Patch0: WPS-Reject-a-Credential-with-invalid-passphrase.patch
+
 BuildRequires:  libnl3-devel
 BuildRequires:  openssl-devel
 
@@ -50,6 +53,9 @@ Logwatch scripts for hostapd.
 %prep
 %setup -q
 
+# CVE-2016-4476
+%patch0 -p1
+
 %build
 cd hostapd
 cat defconfig | sed \
@@ -168,6 +174,9 @@ fi
 %{_sysconfdir}/logwatch/scripts/services/%{name}
 
 %changelog
+* Mon Jun 06 2016 John W. Linville <linville@redhat.com> - 2.5-4
+- Add WPS patch for CVE-2016-4476
+
 * Tue Apr 19 2016 Sascha Spreitzer <sspreitz@redhat.com> - 2.5-3
 - Enable ACS feature (automatic channel switching)