Add WPS patch for CVE-2016-4476

2016-06-06 15:00:44 -04:00 · 2016-06-06 15:00:44 -04:00 · 91b438a2fc
commit 91b438a2fc
parent 37862248c1
1 changed files with 10 additions and 1 deletions
--- a/hostapd.spec
+++ b/hostapd.spec
@ -2,7 +2,7 @@

 Name:           hostapd
 Version:        2.5
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
 License:        BSD
 URL:            http://w1.fi/hostapd
@ -13,6 +13,9 @@ Source2:        %{name}.conf
 Source3:        %{name}.sysconfig
 Source4:        %{name}.init

+# CVE-2016-4476 (not actually necessary, since WPS not enabled)
+Patch0: WPS-Reject-a-Credential-with-invalid-passphrase.patch
+
 BuildRequires:  libnl3-devel
 BuildRequires:  openssl-devel

@ -50,6 +53,9 @@ Logwatch scripts for hostapd.
 %prep
 %setup -q

+# CVE-2016-4476
+%patch0 -p1
+
 %build
 cd hostapd
 cat defconfig | sed \
@ -168,6 +174,9 @@ fi
 %{_sysconfdir}/logwatch/scripts/services/%{name}

 %changelog
+* Mon Jun 06 2016 John W. Linville <linville@redhat.com> - 2.5-4
+- Add WPS patch for CVE-2016-4476
+
 * Tue Apr 19 2016 Sascha Spreitzer <sspreitz@redhat.com> - 2.5-3
 - Enable ACS feature (automatic channel switching)