diff --git a/hostapd-2.5.tar.gz b/hostapd-2.5.tar.gz
deleted file mode 100644
index 93f6acd..0000000
--- a/hostapd-2.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8e272d954dc0d7026c264b79b15389ec2b2c555b32970de39f506b9f463ec74a
-size 1720783
diff --git a/hostapd-2.5-defconfig.patch b/hostapd-2.6-defconfig.patch
similarity index 83%
rename from hostapd-2.5-defconfig.patch
rename to hostapd-2.6-defconfig.patch
index 7c15a43..5474961 100644
--- a/hostapd-2.5-defconfig.patch
+++ b/hostapd-2.6-defconfig.patch
@@ -1,6 +1,6 @@
---- ./hostapd/defconfig.orig	2015-10-18 15:11:32.152380752 +0200
-+++ ./hostapd/defconfig	2015-10-18 15:18:07.240441471 +0200
-@@ -28,7 +28,7 @@
+--- hostapd/defconfig.orig	2016-10-02 19:51:11.000000000 +0100
++++ hostapd/defconfig	2016-10-04 11:15:48.548609106 +0100
+@@ -31,7 +31,7 @@
  #CONFIG_LIBNL20=y
  
  # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
@@ -9,7 +9,7 @@
  
  
  # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-@@ -39,7 +39,7 @@
+@@ -42,7 +42,7 @@
  #LIBS_c += -L/usr/local/lib
  
  # Driver interface for no driver (e.g., RADIUS server only)
@@ -18,7 +18,7 @@
  
  # IEEE 802.11F/IAPP
  CONFIG_IAPP=y
-@@ -78,53 +78,53 @@
+@@ -81,53 +81,53 @@
  CONFIG_EAP_TTLS=y
  
  # EAP-SIM for the integrated EAP server
@@ -88,7 +88,7 @@
  
  # PKCS#12 (PFX) support (used to read private key and certificate file from
  # a file that usually has extension .p12 or .pfx)
-@@ -132,27 +132,27 @@
+@@ -135,27 +135,27 @@
  
  # RADIUS authentication server. This provides access to the integrated EAP
  # server from external hosts using RADIUS.
@@ -122,7 +122,7 @@
  
  # Remove debugging code that is printing out debug messages to stdout.
  # This can be used to reduce the size of the hostapd considerably if debugging
-@@ -180,7 +180,7 @@
+@@ -183,7 +183,7 @@
  
  # Enable support for fully dynamic VLANs. This enables hostapd to
  # automatically create bridge and VLAN interfaces if necessary.
@@ -131,7 +131,7 @@
  
  # Use netlink-based kernel API for VLAN operations instead of ioctl()
  # Note: This requires libnl 3.1 or newer.
-@@ -251,16 +251,16 @@
+@@ -257,16 +257,16 @@
  # gnutls = GnuTLS
  # internal = Internal TLSv1 implementation (experimental)
  # none = Empty template
@@ -151,7 +151,7 @@
  
  # If CONFIG_TLS=internal is used, additional library and include paths are
  # needed for LibTomMath. Alternatively, an integrated, minimal version of
-@@ -281,13 +281,13 @@
+@@ -287,19 +287,19 @@
  # Interworking (IEEE 802.11u)
  # This can be used to enable functionality to improve interworking with
  # external networks.
@@ -167,4 +167,27 @@
 +CONFIG_SQLITE=y
  
  # Enable Fast Session Transfer (FST)
- #CONFIG_FST=y
+-#CONFIG_FST=y
++CONFIG_FST=y
+ 
+ # Enable CLI commands for FST testing
+-#CONFIG_FST_TEST=y
++CONFIG_FST_TEST=y
+ 
+ # Testing options
+ # This can be used to enable some testing options (see also the example
+@@ -331,12 +331,12 @@
+ # For more details refer to:
+ # http://wireless.kernel.org/en/users/Documentation/acs
+ #
+-#CONFIG_ACS=y
++CONFIG_ACS=y
+ 
+ # Multiband Operation support
+ # These extentions facilitate efficient use of multiple frequency bands
+ # available to the AP and the devices that may associate with it.
+-#CONFIG_MBO=y
++CONFIG_MBO=y
+ 
+ # Client Taxonomy
+ # Has the AP retain the Probe Request and (Re)Association Request frames from
diff --git a/hostapd-2.6.tar.gz b/hostapd-2.6.tar.gz
new file mode 100644
index 0000000..aad8e07
--- /dev/null
+++ b/hostapd-2.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d
+size 1822341
diff --git a/hostapd.changes b/hostapd.changes
index df06dbe..e7a8237 100644
--- a/hostapd.changes
+++ b/hostapd.changes
@@ -1,3 +1,79 @@
+-------------------------------------------------------------------
+Mon Oct 02 14:39:02 GMT 2016 - chris@intrbiz.com
+
+- update to upstream release 2.6
+  * fixed EAP-pwd last fragment validation
+    [http://w1.fi/security/2015-7/] (CVE-2015-5314)
+  * fixed WPS configuration update vulnerability with malformed passphrase
+    [http://w1.fi/security/2016-1/] (CVE-2016-4476)
+  * extended channel switch support for VHT bandwidth changes
+  * added support for configuring new ANQP-elements with
+    anqp_elem=<InfoID>:<hexdump of payload>
+  * fixed Suite B 192-bit AKM to use proper PMK length
+    (note: this makes old releases incompatible with the fixed behavior)
+  * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response
+    frame sending for not-associated STAs if max_num_sta limit has been
+    reached
+  * added option (-S as command line argument) to request all interfaces
+    to be started at the same time
+  * modified rts_threshold and fragm_threshold configuration parameters
+    to allow -1 to be used to disable RTS/fragmentation
+  * EAP-pwd: added support for Brainpool Elliptic Curves
+    (with OpenSSL 1.0.2 and newer)
+  * fixed EAPOL reauthentication after FT protocol run
+  * fixed FTIE generation for 4-way handshake after FT protocol run
+  * fixed and improved various FST operations
+  * TLS server
+    - support SHA384 and SHA512 hashes
+    - support TLS v1.2 signature algorithm with SHA384 and SHA512
+    - support PKCS #5 v2.0 PBES2
+    - support PKCS #5 with PKCS #12 style key decryption
+    - minimal support for PKCS #12
+    - support OCSP stapling (including ocsp_multi)
+  * added support for OpenSSL 1.1 API changes
+    - drop support for OpenSSL 0.9.8
+    - drop support for OpenSSL 1.0.0
+  * EAP-PEAP: support fast-connect crypto binding
+  * RADIUS
+    - fix Called-Station-Id to not escape SSID
+    - add Event-Timestamp to all Accounting-Request packets
+    - add Acct-Session-Id to Accounting-On/Off
+    - add Acct-Multi-Session-Id  ton Access-Request packets
+    - add Service-Type (= Frames)
+    - allow server to provide PSK instead of passphrase for WPA-PSK
+      Tunnel_password case
+    - update full message for interim accounting updates
+    - add Acct-Delay-Time into Accounting messages
+    - add require_message_authenticator configuration option to require
+      CoA/Disconnect-Request packets to be authenticated
+  * started to postpone WNM-Notification frame sending by 100 ms so that
+    the STA has some more time to configure the key before this frame is
+    received after the 4-way handshake
+  * VHT: added interoperability workaround for 80+80 and 160 MHz channels
+  * extended VLAN support (per-STA vif, etc.)
+  * fixed PMKID derivation with SAE
+  * nl80211
+    - added support for full station state operations
+    - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
+      unencrypted EAPOL frames
+  * added initial MBO support; number of extensions to WNM BSS Transition
+    Management
+  * added initial functionality for location related operations
+  * added assocresp_elements parameter to allow vendor specific elements
+    to be added into (Re)Association Response frames
+  * improved Public Action frame addressing
+    - use Address 3 = wildcard BSSID in GAS response if a query from an
+      unassociated STA used that address
+    - fix TX status processing for Address 3 = wildcard BSSID
+    - add gas_address3 configuration parameter to control Address 3
+      behavior
+  * added command line parameter -i to override interface parameter in
+    hostapd.conf
+  * added command completion support to hostapd_cli
+  * added passive client taxonomy determination (CONFIG_TAXONOMY=y
+    compile option and "SIGNATURE <addr>" control interface command)
+  * number of small fixes
+
 -------------------------------------------------------------------
 Sun Oct 18 12:59:02 UTC 2015 - michael@stroeder.com
 
diff --git a/hostapd.spec b/hostapd.spec
index 0c71584..be36c06 100644
--- a/hostapd.spec
+++ b/hostapd.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package hostapd
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,13 +26,13 @@ BuildRequires:  pkgconfig(systemd)
 Summary:        Turns Your WLAN Card into a WPA capable Access Point
 License:        GPL-2.0 or BSD-3-Clause
 Group:          Hardware/Wifi
-Version:        2.5
+Version:        2.6
 Release:        0
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://w1.fi/
 Source:         http://w1.fi/releases/hostapd-%{version}.tar.gz
 Source1:        hostapd.service
-Patch0:         hostapd-2.5-defconfig.patch
+Patch0:         hostapd-2.6-defconfig.patch
 %{?systemd_requires}
 
 %description