diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile
index a40c862c2b61..adb1a5c98e70 100644
--- a/security/wpa_supplicant/Makefile
+++ b/security/wpa_supplicant/Makefile
@@ -1,227 +1,242 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.11 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ MAINTAINER= cy@FreeBSD.org COMMENT= Supplicant (client) for WPA/802.1x protocols WWW= https://w1.fi/wpa_supplicant/ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake pkgconfig:build readline ssl +USE_LDCONFIG= yes BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS CFLAGS+= -I${OPENSSLINC} CFLAGS+= -Wno-deprecated-declarations LDFLAGS+= -L${OPENSSLLIB} -lutil MAKE_ENV= V=1 SUB_FILES= pkg-message PORTDOCS= README ChangeLog CFG= ${BUILD_WRKSRC}/.config .if !exists(/etc/rc.d/wpa_supplicant) USE_RC_SUBR= wpa_supplicant .endif OPTIONS_MULTI= DRV EAP OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ IEEE8021X_EAPOL EAPOL_TEST \ HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \ - SIM_SIMULATOR USIM_SIMULATOR WEP PASN + SIM_SIMULATOR USIM_SIMULATOR WEP PASN LIBWPA OPTIONS_DEFAULT= BSD WIRED \ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ - FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN + FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN LIBWPA OPTIONS_SUB= WPS_DESC= Wi-Fi Protected Setup WPS_ER_DESC= Enable WPS External Registrar WPS_NOREG_DESC= Disable open network credentials when registrar WPS_NFC_DESC= Near Field Communication (NFC) configuration WPS_UPNP_DESC= Universal Plug and Play support PKCS12_DESC= PKCS\#12 (PFS) support SMARTCARD_DESC= 
Private key on smartcard support HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) IEEE8021X_EAPOL_DESC= EAP over LAN support EAPOL_TEST_DESC= Development testing DEBUG_FILE_DESC= Support for writing debug log to a file DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout PRIVSEP_DESC= Privilege separation DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) HS20_DESC= Hotspot 2.0 NO_ROAMING_DESC= Disable roaming P2P_DESC= Peer-to-Peer support TDLS_DESC= Tunneled Direct Link Setup MATCH_DESC= Interface match mode DRV_DESC= Driver options BSD_DESC= BSD net80211 interface NDIS_DESC= Windows NDIS interface WIRED_DESC= Wired ethernet interface ROBOSWITCH_DESC= Broadcom Roboswitch interface TEST_DESC= Development testing interface NONE_DESC= The 'no driver' interface, e.g. 
WPS ER only EAP_DESC= Extensible Authentication Protocols TLS_DESC= Transport Layer Security PEAP_DESC= Protected Extensible Authentication Protocol TTLS_DESC= Tunneled Transport Layer Security MD5_DESC= MD5 hash (deprecated, no key generation) MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759) GTC_DESC= Generic Token Card LEAP_DESC= Lightweight Extensible Authentication Protocol OTP_DESC= One-Time Password PSK_DESC= Pre-Shared key FAST_DESC= Flexible Authentication via Secure Tunneling AKA_DESC= Autentication and Key Agreement (UMTS) AKA_PRIME_DESC= AKA Prime variant (RFC 5448) EKE_DESC= Encrypted Key Exchange WEP_DESC= WEP support SIM_DESC= Subscriber Identity Module SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA IKEV2_DESC= Internet Key Exchange version 2 PWD_DESC= Shared password (RFC 5931) PAX_DESC= Password Authenticated Exchange SAKE_DESC= Shared-Secret Authentication & Key Establishment GPSK_DESC= Generalized Pre-Shared Key TNC_DESC= Trusted Network Connect PASN_DESC= Pre-Association Security Negotiation +LIBWPA_DESC= libwpa_client Shared Library PRIVSEP_PLIST_FILES= sbin/wpa_priv DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ etc/dbus-1/system.d/dbus-wpa_supplicant.conf +LIBWPA_PLIST_FILES= lib/libwpa_client.so \ + lib/libwpa_client.so.2 \ + include/wpa_ctrl.h .include .if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} BROKEN= Fails to compile with both NDIS and PRIVSEP .endif .if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N .endif .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite CFLAGS+= -I${LOCALBASE}/include/PCSC LDFLAGS+= -L${LOCALBASE}/lib .endif .if ${PORT_OPTIONS:MDBUS} LIB_DEPENDS+= libdbus-1.so:devel/dbus .endif post-patch: @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ 
${WRKSRC}/src/utils # Set driver(s) .for item in BSD NDIS WIRED ROBOSWITCH TEST NONE . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} . endif .endfor # Set EAP protocol(s) .for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE WEP . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} . endif .endfor .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} .endif .for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ IEEE8021X_EAPOL EAPOL_TEST \ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS \ PASN . if ${PORT_OPTIONS:M${simple}} @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} . endif .endfor .for item in READLINE PEERKEY @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} .endfor .if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} @${ECHO_CMD} CONFIG_AP=y >> ${CFG} .endif .if ${PORT_OPTIONS:MGPSK} # GPSK desired, assume highest SHA desired too @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} .endif .if ${PORT_OPTIONS:MWPS_NOREG} @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDELAYED_MIC} @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDBUS} @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG} .endif .if ${PORT_OPTIONS:MMATCH} @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG} .endif .if ${PORT_OPTIONS:MUSIM_SIMULATOR} @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG} .endif .if ${PORT_OPTIONS:MSIM_SIMULATOR} @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MLIBWPA} + @${ECHO_CMD} CONFIG_BUILD_WPA_CLIENT_SO=y >> ${CFG} .endif @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} @${ECHO_CMD} 
CONFIG_L2_PACKET=freebsd >> ${CFG} @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} post-build-EAPOL_TEST-on: cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test do-install: (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample do-install-EAPOL_TEST-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${BUILD_WRKSRC} && \ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) do-install-PRIVSEP-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin do-install-DBUS-on: @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \ ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ +do-install-LIBWPA-on: + ${INSTALL_LIB} ${BUILD_WRKSRC}/libwpa_client.so \ + ${STAGEDIR}${PREFIX}/lib/libwpa_client.so.2 + ${LN} -s libwpa_client.so.2 ${STAGEDIR}${PREFIX}/lib/libwpa_client.so + ${INSTALL_DATA} ${INSTALL_WRKSRC}/common/wpa_ctrl.h \ + ${STAGEDIR}${PREFIX}/include + .include diff --git a/security/wpa_supplicant/files/patch-src_common_dhcp.h b/security/wpa_supplicant/files/patch-src_common_dhcp.h index f88d1921a380..d25233a070b7 100644 --- a/security/wpa_supplicant/files/patch-src_common_dhcp.h +++ b/security/wpa_supplicant/files/patch-src_common_dhcp.h @@ -1,25 +1,25 @@ ---- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800 -+++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800 +--- src/common/dhcp.h.orig 2024-07-20 18:04:37 UTC ++++ src/common/dhcp.h 
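Review bot: The shared-library version `2` is hard-coded in several places with nothing tying them together: `lib/libwpa_client.so.2` in `LIBWPA_PLIST_FILES`, the `${INSTALL_LIB}` and `${LN} -s` lines of `do-install-LIBWPA-on`, and the `-Wl,-soname,$@.2` line added in files/patch-wpa__supplicant_Makefile. If one is bumped without the others, the installed file name and the soname embedded in the library stop matching, and programs linked against it may fail to resolve it at run time. Consider a single knob such as `LIBWPA_SOVER= 2` used in the plist and install lines, with a comment `# keep in sync with -soname in files/patch-wpa__supplicant_Makefile`.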
@@ -9,6 +9,22 @@ #ifndef DHCP_H #define DHCP_H +/* + * Translate Linux to FreeBSD + */ +#define iphdr ip +#define ihl ip_hl +#define verson ip_v +#define tos ip_tos +#define tot_len ip_len +#define id ip_id +#define frag_off ip_off +#define ttl ip_ttl +#define protocol ip_p +#define check ip_sum +#define saddr ip_src +#define daddr ip_dst + #include #if __FAVOR_BSD #include diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c index 7c22ee2a372c..6e83ddc25b46 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c @@ -1,355 +1,357 @@ ---- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-04-07 12:47:28.984390000 -0700 +--- src/drivers/driver_bsd.c.orig 2024-07-20 18:04:37 UTC ++++ src/drivers/driver_bsd.c 
@@ -9,11 +9,13 @@ #include "includes.h" #include +#include #include "common.h" #include "driver.h" #include "eloop.h" #include "common/ieee802_11_defs.h" +#include "common/ieee802_11_common.h" #include "common/wpa_common.h" #include -@@ -293,8 +295,9 @@ +@@ -293,8 +295,9 @@ static int } static int -bsd_get_iface_flags(struct bsd_driver_data *drv) +bsd_ctrl_iface(void *priv, int enable) { + struct bsd_driver_data *drv = priv; struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -306,7 +309,34 @@ +@@ -306,7 +309,34 @@ bsd_get_iface_flags(struct bsd_driver_data *drv) return -1; } drv->flags = ifr.ifr_flags; + + + if (enable) { + if (ifr.ifr_flags & IFF_UP) + goto nochange; + ifr.ifr_flags |= IFF_UP; + } else { + if (!(ifr.ifr_flags & IFF_UP)) + goto nochange; + ifr.ifr_flags &= ~IFF_UP; + } + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", + strerror(errno)); + return -1; + } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + + drv->flags = ifr.ifr_flags; return 0; + +nochange: + wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + return 0; } static int -@@ -349,6 +379,20 @@ +@@ -349,6 +379,20 @@ bsd_set_key(void *priv, struct wpa_driver_set_key_para case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 + case WPA_ALG_CCMP_256: + wk.ik_type = IEEE80211_CIPHER_AES_CCM_256; + break; + case WPA_ALG_GCMP: + wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; + break; + case WPA_ALG_GCMP_256: + wk.ik_type = IEEE80211_CIPHER_AES_GCM_256; + break; + case WPA_ALG_BIP_CMAC_128: + wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; + break; +#endif default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -413,13 +457,34 @@ +@@ -413,13 +457,34 @@ 
bsd_configure_wpa(void *priv, struct wpa_bss_params *p { #ifndef IEEE80211_IOC_APPIE static const char *ciphernames[] = +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 + { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE", + "AES-CCM-256", "BIP-CMAC-128", "BIP-CMAC-256", "BIP-GMAC-128", + "BIP-GMAC-256", "AES-GCM-128", "AES-GCM-256" }; +#else { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" }; +#endif + int v; switch (params->wpa_group) { case WPA_CIPHER_CCMP: v = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 + case WPA_CIPHER_CCMP_256: + v = IEEE80211_CIPHER_AES_CCM_256; + break; + case WPA_CIPHER_GCMP: + v = IEEE80211_CIPHER_AES_GCM_128; + break; + case WPA_CIPHER_GCMP_256: + v = IEEE80211_CIPHER_AES_GCM_256; + break; + case WPA_CIPHER_BIP_CMAC_128: + v = IEEE80211_CIPHER_BIP_CMAC_128; + break; +#endif case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,8 +521,18 @@ +@@ -456,8 +521,18 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *p } v = 0; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 + if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128) + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP_256) + v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) v |= 1<wpa_pairwise & WPA_CIPHER_CCMP_256) + v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) v |= 1<wpa_pairwise & WPA_CIPHER_NONE) -@@ -525,7 +600,7 @@ +@@ -525,7 +600,7 @@ bsd_set_ieee8021x(void *priv, struct wpa_bss_params *p __func__); return -1; } - return 0; + return bsd_ctrl_iface(priv, 1); } static void -@@ -586,6 +661,7 @@ +@@ -586,6 +661,7 @@ bsd_set_freq(void *priv, struct hostapd_freq_params *f mode = IFM_IEEE80211_11B; } else { mode = + freq->vht_enabled ? IFM_IEEE80211_VHT5G : freq->ht_enabled ? 
IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +929,18 @@ +@@ -853,14 +929,18 @@ bsd_wireless_event_receive(int sock, void *ctx, void * drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; - if ((ifm->ifm_flags & IFF_UP) == 0 && - (drv->flags & IFF_UP) != 0) { + if (((ifm->ifm_flags & IFF_UP) == 0 || + (ifm->ifm_flags & IFF_RUNNING) == 0) && + (drv->flags & IFF_UP) != 0 && + (drv->flags & IFF_RUNNING) != 0) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); } else if ((ifm->ifm_flags & IFF_UP) != 0 && - (drv->flags & IFF_UP) == 0) { + (ifm->ifm_flags & IFF_RUNNING) != 0 && + ((drv->flags & IFF_UP) == 0 || + (drv->flags & IFF_RUNNING) == 0)) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1107,8 @@ +@@ -1027,7 +1107,8 @@ bsd_init(struct hostapd_data *hapd, struct wpa_init_pa if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; - if (bsd_get_iface_flags(drv) < 0) + /* mark down during setup */ + if (bsd_ctrl_iface(drv, 0) < 0) goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1133,13 @@ +@@ -1052,12 +1133,13 @@ bsd_deinit(void *priv) { struct bsd_driver_data *drv = priv; + if (drv->ifindex != 0) + bsd_ctrl_iface(drv, 0); if (drv->sock_xmit != NULL) l2_packet_deinit(drv->sock_xmit); os_free(drv); } - static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1281,41 @@ +@@ -1199,13 +1281,41 @@ static int } static int +wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, + struct wpa_driver_associate_params *params, const u8 *ie) +{ + int privacy; + size_t ie_len = ie[1] ? ie[1] + 2 : 0; + + /* XXX error handling is wrong but unclear what to do... 
*/ + if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) + return -1; + + privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && + params->group_suite == WPA_CIPHER_NONE && + params->key_mgmt_suite == WPA_KEY_MGMT_NONE); + wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, + privacy); + + if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + return -1; + + if (ie_len && + set80211param(drv, IEEE80211_IOC_WPA, + ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + return -1; + + return 0; +} + +static int wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) { struct bsd_driver_data *drv = priv; struct ieee80211req_mlme mlme; u32 mode; - int privacy; int ret = 0; + const u8 *wpa_ie, *rsn_ie; wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1332,10 @@ +@@ -1222,7 +1332,10 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: +#if 0 mode = IFM_IEEE80211_IBSS; +#endif + mode = IFM_IEEE80211_ADHOC; break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1364,31 @@ +@@ -1251,24 +1364,33 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; - /* XXX error handling is wrong but unclear what to do... 
*/ - if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) - return -1; - privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && - params->group_suite == WPA_CIPHER_NONE && - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); -- -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) -- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); + if (rsn_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + rsn_ie) < 0) + return -1; + } + else { + wpa_ie = get_vendor_ie(params->wpa_ie, + params->wpa_ie_len, WPA_IE_VENDOR_TYPE); + if (wpa_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + wpa_ie) < 0) + return -1; + } + } + } -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 
2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1433,8 @@ + mlme.im_op = IEEE80211_MLME_ASSOC; + if (params->ssid != NULL) +@@ -1311,11 +1433,8 @@ wpa_driver_bsd_scan(void *priv, struct wpa_driver_scan } /* NB: interface must be marked UP to do a scan */ - if (!(drv->flags & IFF_UP)) { - wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan", - __func__); + if (bsd_ctrl_iface(drv, 1) < 0) return -1; - } #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1614,12 @@ +@@ -1495,6 +1614,12 @@ static int wpa_driver_bsd_capa(struct bsd_driver_data drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP; + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP; +#endif if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1672,8 @@ +@@ -1547,6 +1672,8 @@ get80211opmode(struct bsd_driver_data *drv) } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; + if (ifmr.ifm_current & IFM_IEEE80211_IBSS) + return IEEE80211_M_IBSS; if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1734,7 @@ +@@ -1607,7 +1734,7 @@ wpa_driver_bsd_init(void *ctx, const char *ifname, voi drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ - if (bsd_get_iface_flags(drv) < 0) + if (bsd_ctrl_iface(drv, 0) < 0) goto fail; /* Proven to work, lets go! 
*/ -@@ -1631,6 +1758,9 @@ +@@ -1630,6 +1757,9 @@ wpa_driver_bsd_deinit(void *priv) + if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); - ++ + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); -+ + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); - diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c b/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c index 5c58337c4b3d..3fa5a11bd8e2 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c 
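Review bot: In the `wpa_driver_bsd_associate` part of the patched driver_bsd.c, `IEEE80211_IOC_PRIVACY` is no longer programmed on every association: it is set only inside `wpa_driver_bsd_set_rsn_wpa_ie()`, which is reached only when `params->wpa_ie_len` is non-zero and `get_ie()`/`get_vendor_ie()` finds an RSN or WPA element. The removed lines set the IE and the privacy flag unconditionally, so an association without such an element (static WEP, which this port's `OPTIONS_DEFAULT` enables, or an open network after a protected one) appears to keep whatever IE, privacy and WPA settings the interface last had; this should be confirmed against net80211. A fallback branch that restores the unconditional calls for that case is sketched below. The body of `wpa_driver_bsd_associate` continues outside the lines shown in the patch.

```c
	if (params->wpa_ie_len) {
		/* … unchanged: RSN / WPA vendor IE lookup and wpa_driver_bsd_set_rsn_wpa_ie() calls … */
	} else {
		/* No IE supplied: still clear the IE and program PRIVACY. */
		int privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
		    params->group_suite == WPA_CIPHER_NONE &&
		    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);

		if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie,
		    params->wpa_ie_len) < 0)
			return -1;
		if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
			return -1;
	}
```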
@@ -1,89 +1,89 @@ ---- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC +--- src/drivers/driver_ndis.c.orig 2024-07-20 18:04:37 UTC +++ src/drivers/driver_ndis.c -@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive +@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_driver_ndis_data *d o->Length = len; if (!PacketRequest(drv->adapter, FALSE, o)) { - wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed", + wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed", __func__, oid, len); os_free(buf); return -1; } if (o->Length > len) { - wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%d)", + wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%lu)", __func__, oid, (unsigned int) o->Length, len); os_free(buf); return -1; -@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive +@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_driver_ndis_data *d os_memcpy(o->Data, data, len); if (!PacketRequest(drv->adapter, TRUE, o)) { - wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed", + wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed", __func__, oid, len); os_free(buf); return -1; -@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s +@@ -1543,7 +1543,7 @@ static void wpa_driver_ndis_event_auth(struct wpa_driv if (data_len < sizeof(*req)) { wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request " - "Event (len=%d)", data_len); + "Event (len=%lu)", data_len); return; } req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data; -@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid( +@@ -1577,7 +1577,7 @@ static void wpa_driver_ndis_event_pmkid(struct wpa_dri if (data_len < 8) { wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List " - "Event (len=%d)", data_len); + "Event (len=%lu)", data_len); return; } pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data; -@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid( +@@ -1599,7 +1599,7 @@ static void wpa_driver_ndis_event_pmkid(struct wpa_dri os_memset(&event, 
0, sizeof(event)); for (i = 0; i < pmkid->NumCandidates; i++) { PMKID_CANDIDATE *p = &pmkid->CandidateList[i]; - wpa_printf(MSG_DEBUG, "NDIS: %d: " MACSTR " Flags 0x%x", + wpa_printf(MSG_DEBUG, "NDIS: %lu: " MACSTR " Flags 0x%x", i, MAC2STR(p->BSSID), (int) p->Flags); os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN); event.pmkid_candidate.index = i; -@@ -1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili +@@ -1790,7 +1790,7 @@ static void wpa_driver_ndis_get_capability(struct wpa_ "overflow"); break; } - wpa_printf(MSG_MSGDUMP, "NDIS: %d - auth %d encr %d", + wpa_printf(MSG_MSGDUMP, "NDIS: %lu - auth %d encr %d", i, (int) ae->AuthModeSupported, (int) ae->EncryptStatusSupported); switch (ae->AuthModeSupported) { -@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str +@@ -2118,7 +2118,11 @@ static int wpa_driver_ndis_get_names(struct wpa_driver dlen = dpos - desc; else dlen = os_strlen(desc); - drv->adapter_desc = dup_binstr(desc, dlen); + drv->adapter_desc = os_malloc(dlen + 1); + if (drv->adapter_desc) { + os_memcpy(drv->adapter_desc, desc, dlen); + drv->adapter_desc[dlen] = '\0'; + } os_free(b); if (drv->adapter_desc == NULL) return -1; -@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str +@@ -2286,7 +2290,11 @@ static int wpa_driver_ndis_get_names(struct wpa_driver } else { dlen = os_strlen(desc[i]); } - drv->adapter_desc = dup_binstr(desc[i], dlen); + drv->adapter_desc = os_malloc(dlen + 1); + if (drv->adapter_desc) { + os_memcpy(drv->adapter_desc, desc[i], dlen); + drv->adapter_desc[dlen] = '\0'; + } os_free(names); if (drv->adapter_desc == NULL) return -1; diff --git a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c index 2ec52fcdcd85..cd0c9a56f055 100644 --- a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c +++ b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c 
@@ -1,14 +1,14 @@ ---- src/l2_packet/l2_packet_freebsd.c.orig 2023-10-30 10:53:18.000000000 -0700 -+++ src/l2_packet/l2_packet_freebsd.c 2023-10-30 14:10:36.396969000 -0700 +--- src/l2_packet/l2_packet_freebsd.c.orig 2024-07-20 18:04:37 UTC ++++ src/l2_packet/l2_packet_freebsd.c @@ -8,7 +8,10 @@ */ #include "includes.h" -#if defined(__APPLE__) || defined(__GLIBC__) +#if defined(__FreeBSD__) \ + || defined(__DragonFly__) \ + || defined(__APPLE__) \ + || defined(__GLIBC__) #include #endif /* __APPLE__ */ #include diff --git a/security/wpa_supplicant/files/patch-src_utils_os__unix.c b/security/wpa_supplicant/files/patch-src_utils_os__unix.c index d3ebadbba827..3feccd7f0b28 100644 --- a/security/wpa_supplicant/files/patch-src_utils_os__unix.c +++ b/security/wpa_supplicant/files/patch-src_utils_os__unix.c @@ -1,15 +1,14 @@ ---- src/utils/os_unix.c.orig 2024-05-10 09:57:55.000000000 -0700 -+++ src/utils/os_unix.c 2024-06-01 22:18:54.999484000 -0700 -@@ -103,10 +103,12 @@ +--- src/utils/os_unix.c.orig 2024-07-20 18:04:37 UTC ++++ src/utils/os_unix.c +@@ -103,9 +103,11 @@ int os_get_reltime(struct os_reltime *t) break; #endif #ifdef CLOCK_MONOTONIC +#if !(defined(CLOCK_BOOTTIME) && CLOCK_BOOTTIME == CLOCK_MONOTONIC) case CLOCK_MONOTONIC: clock_id = CLOCK_REALTIME; break; - #endif +#endif + #endif case CLOCK_REALTIME: return -1; - } diff --git a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c index ee10b79e48aa..2a0e56329a07 100644 --- a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c +++ b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c 
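Review bot: The `#if !(defined(CLOCK_BOOTTIME) && CLOCK_BOOTTIME == CLOCK_MONOTONIC)` guard around `case CLOCK_MONOTONIC:` in the patched os_unix.c has no comment saying why it is there, and the two adjacent `#endif` lines are easy to misread. It looks like the guard avoids a duplicate case label on systems where `CLOCK_BOOTTIME` is an alias of `CLOCK_MONOTONIC`; if that is the intent, say so in a comment such as `/* CLOCK_BOOTTIME may alias CLOCK_MONOTONIC; skip the duplicate case label */` and tag the inner `#endif` with its condition. The `switch` in `os_get_reltime` starts and ends outside the lines shown in the patch.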
@@ -1,12 +1,12 @@ ---- src/wps/wps_upnp.c.orig 2021-03-16 13:50:10.000000000 -0700 -+++ src/wps/wps_upnp.c 2021-03-18 12:49:19.537874000 -0700 -@@ -963,7 +963,8 @@ +--- src/wps/wps_upnp.c.orig 2024-07-20 18:04:37 UTC ++++ src/wps/wps_upnp.c +@@ -963,7 +963,8 @@ int get_netif_info(const char *net_if, unsigned *ip_ad goto fail; } os_memcpy(mac, req.ifr_addr.sa_data, 6); -#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) +#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) \ + || defined(__DragonFly__) if (eth_get(net_if, mac) < 0) { wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address"); goto fail; diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile index 9f1393fb85da..1efb42a0844f 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile @@ -1,17 +1,26 @@ ---- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC +--- wpa_supplicant/Makefile.orig 2024-07-20 18:04:37 UTC +++ wpa_supplicant/Makefile -@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o +@@ -140,6 +140,14 @@ OBJS_c += ../src/utils/os_$(CONFIG_OS).o OBJS_p += ../src/utils/os_$(CONFIG_OS).o OBJS_c += ../src/utils/os_$(CONFIG_OS).o +ifdef CONFIG_DRIVER_NDIS +OBJS += ../src/utils/Packet32.o +ifdef CONFIG_PRIVSEP +OBJS += ../src/drivers/driver_ndis.o +endif +OBJS_priv += ../src/utils/Packet32.o +endif + ifdef CONFIG_WPA_TRACE CFLAGS += -DWPA_TRACE OBJS += ../src/utils/trace.o +@@ -2050,7 +2058,7 @@ libwpa_client.so: $(LIBCTRLSO) + + libwpa_client.so: $(LIBCTRLSO) + @$(E) " CC $@ ($^)" +- $(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -fPIC $^ ++ $(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -Wl,-soname,$@.2 -shared -fPIC $^ + + OBJS_wpatest := libwpa_test.o + _OBJS_VAR := OBJS_wpatest 
diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c b/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c index cc73ac35cd35..80a0c9d7cf1a 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c @@ -1,36 +1,36 @@ ---- wpa_supplicant/ctrl_iface_unix.c.orig 2022-01-16 12:51:29.000000000 -0800 -+++ wpa_supplicant/ctrl_iface_unix.c 2023-11-29 08:12:07.843443000 -0800 -@@ -506,6 +506,10 @@ +--- wpa_supplicant/ctrl_iface_unix.c.orig 2024-07-20 18:04:37 UTC ++++ wpa_supplicant/ctrl_iface_unix.c +@@ -509,6 +509,10 @@ static int wpas_ctrl_iface_open_sock(struct wpa_suppli struct group *grp; char *endp; int flags; +#if defined(__FreeBSD__) + int optval, rc; + socklen_t optlen; +#endif buf = os_strdup(wpa_s->conf->ctrl_interface); if (buf == NULL) -@@ -678,6 +682,22 @@ +@@ -681,6 +685,22 @@ havesock: /* Not fatal, continue on.*/ } } + +#if defined(__FreeBSD__) + /* Ensure we can send a full length message atomically. */ + optval = 0; + optlen = sizeof(optval); + if (getsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, &optlen) == -1) { + wpa_printf(MSG_INFO, "failed to get sndbuf for sock=%d: %s", + priv->sock, strerror(errno)); + } else if (optval < CTRL_IFACE_MAX_LEN) { + optval = CTRL_IFACE_MAX_LEN; + if (setsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, + sizeof(optval)) == -1) + wpa_printf(MSG_ERROR, "failed to set sndbuf for " + "sock=%d: %s", priv->sock, strerror(errno)); + } +#endif eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive, wpa_s, priv); diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_main.c b/security/wpa_supplicant/files/patch-wpa__supplicant_main.c index 3042768f44d9..f9db90635a4c 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_main.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_main.c 
@@ -1,33 +1,33 @@ ---- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC +--- wpa_supplicant/main.c.orig 2024-07-20 18:04:37 UTC +++ wpa_supplicant/main.c -@@ -66,7 +66,7 @@ static void usage(void) +@@ -67,7 +67,7 @@ static void usage(void) " -c = Configuration file\n" " -C = ctrl_interface parameter (only used if -c is not)\n" " -d = increase debugging verbosity (-dd even more)\n" - " -D = driver name (can be multiple drivers: nl80211,wext)\n" + " -D = driver name (can be multiple drivers: bsd,wired)\n" " -e = entropy file\n" #ifdef CONFIG_DEBUG_FILE " -f = log output to debug file instead of stdout\n" -@@ -105,8 +105,7 @@ static void usage(void) +@@ -106,8 +106,7 @@ static void usage(void) " -W = wait for a control interface monitor before starting\n"); printf("example:\n" - " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n", - wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211"); + " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n"); #endif /* CONFIG_NO_STDOUT_DEBUG */ } @@ -199,6 +198,11 @@ int main(int argc, char *argv[]) + iface_count = 1; wpa_supplicant_fd_workaround(1); - ++ +#ifdef CONFIG_DRIVER_NDIS + void driver_ndis_init_ops(void); + driver_ndis_init_ops(); +#endif /* CONFIG_DRIVER_NDIS */ -+ + for (;;) { c = getopt(argc, argv, - "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c index 42f150b3595c..8013244d9f7f 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c 
@@ -1,16 +1,16 @@ ---- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400 -+++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400 -@@ -6357,13 +6357,6 @@ +--- wpa_supplicant/wpa_supplicant.c.orig 2024-07-20 18:04:37 UTC ++++ wpa_supplicant/wpa_supplicant.c +@@ -7983,13 +7983,6 @@ struct wpa_global * wpa_supplicant_init(struct wpa_par if (params == NULL) return NULL; -#ifdef CONFIG_DRIVER_NDIS - { - void driver_ndis_init_ops(void); - driver_ndis_init_ops(); - } -#endif /* CONFIG_DRIVER_NDIS */ - #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */