Index: head/security/wpa_supplicant/Makefile
===================================================================
--- head/security/wpa_supplicant/Makefile (revision 477201)
+++ head/security/wpa_supplicant/Makefile (revision 477202)
@@ -1,185 +1,187 @@ # $FreeBSD$ PORTNAME= wpa_supplicant PORTVERSION= 2.6 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ -PATCH_SITES= https://w1.fi/security/2017-1/ +PATCH_SITES= https://w1.fi/security/2017-1/ \ + https://w1.fi/security/2018-1/ PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \ rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \ rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \ - rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch + rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch \ + rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch PATCH_DIST_STRIP= -p1 MAINTAINER= cy@FreeBSD.org COMMENT= Supplicant (client) for WPA/802.1x protocols LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake readline ssl BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -lutil MAKE_ENV= V=1 SUB_FILES= pkg-message PORTDOCS= README ChangeLog CFG= ${BUILD_WRKSRC}/.config OPTIONS_MULTI= DRV EAP OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK FAST \ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC PKCS12 SMARTCARD \ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ HS20 NO_ROAMING P2P TDLS DOCS OPTIONS_DEFAULT= BSD WIRED NDIS \ TLS 
PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK \ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ INTERWORKING HS20 WPS_DESC= Wi-Fi Protected Setup WPS_ER_DESC= Enable WPS External Registrar WPS_NOREG_DESC= Disable open network credentials when registrar WPS_NFC_DESC= Near Field Communication (NFC) configuration PKCS12_DESC= PKCS\#12 (PFS) support SMARTCARD_DESC= Private key on smartcard support HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) DEBUG_FILE_DESC= Support for writing debug log to a file DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout PRIVSEP_DESC= Privilege separation DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) HS20_DESC= Hotspot 2.0 NO_ROAMING_DESC= Disable roaming P2P_DESC= Peer-to-Peer support TDLS_DESC= Tunneled Direct Link Setup DRV_DESC= Driver options BSD_DESC= BSD net80211 interface NDIS_DESC= Windows NDIS interface WIRED_DESC= Wired ethernet interface ROBOSWITCH_DESC= Broadcom Roboswitch interface TEST_DESC= Development testing interface NONE_DESC= The 'no driver' interface, e.g. 
WPS ER only EAP_DESC= Extensible Authentication Protocols TLS_DESC= Transport Layer Security PEAP_DESC= Protected Extensible Authentication Protocol TTLS_DESC= Tunneled Transport Layer Security MD5_DESC= MD5 hash (deprecated, no key generation) MSCHAPv2_DESC= Microsoft CHAP version 2 (RFC 2759) GTC_DESC= Generic Token Card LEAP_DESC= Lightweight Extensible Authentication Protocol OTP_DESC= One-Time Password PSK_DESC= Pre-Shared key FAST_DESC= Flexible Authentication via Secure Tunneling AKA_DESC= Autentication and Key Agreement (UMTS) AKA_PRIME_DESC= AKA Prime variant (RFC 5448) EKE_DESC= Encrypted Key Exchange SIM_DESC= Subscriber Identity Module IKEv2_DESC= Internet Key Exchange version 2 PWD_DESC= Shared password (RFC 5931) PAX_DESC= Password Authenticated Exchange SAKE_DESC= Shared-Secret Authentication & Key Establishment GPSK_DESC= Generalized Pre-Shared Key TNC_DESC= Trusted Network Connect PRIVSEP_PLIST_FILES= sbin/wpa_priv .include .if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} BROKEN= Fails to compile with both NDIS and PRIVSEP .endif .if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N .endif .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite CFLAGS+= -I${LOCALBASE}/include/PCSC LDFLAGS+= -L${LOCALBASE}/lib .endif post-patch: @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ ${WRKSRC}/src/utils # Set driver(s) .for item in BSD NDIS WIRED ROBOSWITCH TEST NONE . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} . endif .endfor # Set EAP protocol(s) .for item in MD5 MSCHAPv2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} . 
endif .endfor .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} .endif .for simple in WPS WPS_ER WPS_NFC PKCS12 SMARTCARD HT_OVERRIDES \ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS . if ${PORT_OPTIONS:M${simple}} @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} . endif .endfor .for item in READLINE PEERKEY @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} .endfor .if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} @${ECHO_CMD} CONFIG_AP=y >> ${CFG} .endif .if ${PORT_OPTIONS:MGPSK} # GPSK desired, assume highest SHA desired too @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} .endif .if ${PORT_OPTIONS:MWPS_NOREG} @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDELAYED_MIC} @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} .endif @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG} @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} do-install: (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${BUILD_WRKSRC} && \ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) do-install-PRIVSEP-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin .include Index: head/security/wpa_supplicant/distinfo =================================================================== --- head/security/wpa_supplicant/distinfo (revision 477201) +++ head/security/wpa_supplicant/distinfo (revision 477202) 
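Review bot: With a second directory added to `PATCH_SITES`, nothing in the Makefile ties each `PATCHFILES` entry to the advisory it comes from, and the new file reuses the `rebased-v2.6-0001-` prefix of the 2017-1 series, which makes the list easy to misread. Because the entries are ungrouped, the fetch stage may probe either site for any patch, so the SHA256/SIZE records in distinfo are the only thing pinning which content is accepted. Group tags would make the origin explicit: `PATCH_SITES= https://w1.fi/security/2017-1/:s2017 https://w1.fi/security/2018-1/:s2018`, with `:s2017` or `:s2018` appended to the matching `PATCHFILES` entries. At minimum, add a comment above `PATCHFILES` such as `# 0001-0008: w1.fi advisory 2017-1; WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data: advisory 2018-1`, so a later version bump can tell which patches to drop.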
@@ -1,19 +1,21 @@ -TIMESTAMP = 1508183403 +TIMESTAMP = 1533786430 SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450 SIZE (wpa_supplicant-2.6.tar.gz) = 2753524 SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218 SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7 SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883 SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81 SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861 SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566 SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949 SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6 SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309 SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736 SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649 SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1 SIZE 
(rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750 +SHA256 (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 960c3cf2a514479b0b4cf09665186a1a9f5d28e8b05dec23db75c6cc13eb1f7c +SIZE (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 1999