diff --git a/pam.changes b/pam.changes
index eb7f846..9a0ed17 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com
+
+- When comparing an incoming IP address with an entry in
+ access.conf that only specified a single host (ie no netmask),
+ the incoming IP address was used rather than the IP address from
+ access.conf, effectively comparing the incoming address with
+ itself. (Also fixed a small typo while I was at it)
+ {bsc#1115640, use-correct-IP-address.patch]
+
 -------------------------------------------------------------------
 Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com
diff --git a/pam.spec b/pam.spec
index a0098c4..47d4ba2 100644
--- a/pam.spec
+++ b/pam.spec
@@ -66,6 +66,7 @@ Patch0: fix-man-links.dif
 Patch2: pam-limit-nproc.patch
 Patch3: encryption_method_nis.diff
 Patch4: pam-hostnames-in-access_conf.patch
+Patch5: use-correct-IP-address.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: libdb-4_8-devel
 # Remove with next version update:
@@ -118,6 +119,7 @@ building both PAM-aware applications and modules for use with PAM.
 %patch2 -p1
 %patch3 -p0
 %patch4 -p0
+%patch5 -p1
 %build
 autoreconf -fiv
diff --git a/use-correct-IP-address.patch b/use-correct-IP-address.patch
new file mode 100644
index 0000000..105a16c
--- /dev/null
+++ b/use-correct-IP-address.patch
@@ -0,0 +1,34 @@
+Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c
+===================================================================
+--- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c
++++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c
+@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam
+
+ if (item->debug)
+ pam_syslog (pamh, LOG_DEBUG,
+- "network_netmask_match: tok=%s, item=%s", tok, string);
++ "network_netmask_match: tok=%s, string=%s", tok, string);
+
+ /* OK, check if tok is of type addr/mask */
+ if ((netmask_ptr = strchr(tok, '/')) != NULL)
+@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam
+
+ /* check netmask */
+ if (isipaddr(netmask_ptr, NULL, NULL) == NO)
+- { /* netmask as integre value */
++ { /* netmask as integer value */
+ char *endptr = NULL;
+ netmask = strtol(netmask_ptr, &endptr, 0);
+ if ((endptr == netmask_ptr) || (*endptr != '\0'))
+@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam
+
+ ai = NULL; /* just to be on the safe side */
+
+- if (getaddrinfo (string, NULL, &hint, &ai) != 0)
++ if (getaddrinfo (tok, NULL, &hint, &ai) != 0)
+ {
+- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
+
+ return NO;
+ }
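Review bot: In the third inner hunk (`@@ -778,9 +778,9 @@`), a failed `getaddrinfo (tok, ...)` still returns NO, so an access.conf entry that cannot be resolved is treated as "does not match". If that entry is a deny rule, a mistyped or temporarily unresolvable name would make it silently stop applying. How the caller handles NO for `-` entries, and whether `hint` restricts lookups to numeric addresses, is outside the hunk and should be confirmed. The roles of the two strings are also undocumented, which is how the original mix-up went unnoticed; I would add a comment above the call such as `/* tok: entry from access.conf; string: address of the connecting host. Resolve tok, then compare it against string. */`. A regression test with a single-host entry and a non-matching peer address would pin the fix, since the old code compared the peer with itself. network_netmask_match starts and ends outside the hunk.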