diff --git a/wpa_supplicant-2.10.tar.gz b/wpa_supplicant-2.11.tar.gz
similarity index 32%
rename from wpa_supplicant-2.10.tar.gz
rename to wpa_supplicant-2.11.tar.gz
index 74236a8c9ed4ce3d4710623516e416fc35fa3b03..8d01786417714709895d0538ae20b97fa90daeef 100644
Binary files a/wpa_supplicant-2.10.tar.gz and b/wpa_supplicant-2.11.tar.gz differ
diff --git a/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch b/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch
index 5955120e8e85a6a3305a3d3001c3bf114cb39aca..f72d8e2a8fecc88111bf8cbf80549cce17204a3d 100644
--- a/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch
+++ b/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch
@@ -16,9 +16,9 @@ index 07d9752..3f73282 100644
 --- a/wpa_supplicant/defconfig
 +++ b/wpa_supplicant/defconfig
 @@ -634,3 +634,6 @@ CONFIG_WEP=y
- # design is still subject to change. As such, this should not yet be enabled in
- # production use.
- #CONFIG_PASN=y
+
+ # Wi-Fi Aware unsynchronized service discovery (NAN USD)
+ #CONFIG_NAN_USD=y
 +#
 +CONFIG_SUITEB192=y
 +
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 985f76d8b37bff97d6e8973026fe09caf821bc25..59869bf310c23ac6ebf6722718fc7d7845af5d43 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -1,10 +1,10 @@
-%define anolis_release 4
+%define anolis_release 1
 %global _hardened_build 1
 
 Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
-Version: 2.10
+Version: 2.11
 Release: %{anolis_release}%{?dist}
 License: BSD
 Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
@@ -37,19 +37,19 @@ Patch8: wpa_supplicant-defconfig-enable-OCV-support.patch
 Patch9: wpa_supplicant-allow-legacy-renegotiation.patch
 # Add WPA3 support for Broadcom device
 # https://bugzilla.redhat.com/show_bug.cgi?id=2226569
-Patch10: wpa_supplicant-nl80211-check-sae-authentication-offload-support.patch
-Patch11: wpa_supplicant-sae-pass-sae-password-on-connect-for-sae-authentication-offload-support.patch
+#Patch10: wpa_supplicant-nl80211-check-sae-authentication-offload-support.patch
+#Patch11: wpa_supplicant-sae-pass-sae-password-on-connect-for-sae-authentication-offload-support.patch
 # Enable IPv6 (#2095296)
 Patch12: wpa_supplicant-defconfig-enable-ipv6.patch
 
 # support macsec HW offload
-Patch13: wpa_supplicant-MACsec-Support-GCM-AES-256-cipher-suite.patch
-Patch14: wpa_supplicant-macsec_linux-Support-cipher-suite-configuration.patch
-Patch15: wpa_supplicant-mka-Allow-configuration-of-MACsec-hardware-offload.patch
-Patch16: wpa_supplicant-macsec_linux-Add-support-for-MACsec-hardware-offload.patch
+#Patch13: wpa_supplicant-MACsec-Support-GCM-AES-256-cipher-suite.patch
+#Patch14: wpa_supplicant-macsec_linux-Support-cipher-suite-configuration.patch
+#Patch15: wpa_supplicant-mka-Allow-configuration-of-MACsec-hardware-offload.patch
+#Patch16: wpa_supplicant-macsec_linux-Add-support-for-MACsec-hardware-offload.patch
 
 # fix PEAP client to require successful Phase2 authentication when needed (CVE-2023-52160)
-Patch17: wpa_supplicant-PEAP-client-Update-Phase-2-authentication-requiremen.patch
+#Patch17: wpa_supplicant-PEAP-client-Update-Phase-2-authentication-requiremen.patch
 
 URL: http://w1.fi/wpa_supplicant/
 
@@ -180,6 +180,9 @@ chmod -R 0644 wpa_supplicant/examples/*.py
 %doc wpa_supplicant/todo.txt
 
 %changelog
+* Fri Dec 06 2024 mgb01105731 <mgb01105731@alibaba-inc.com> - 1:2.11-1
+- update to 2.11 fix CVE-2023-52424
+
 * Tue Feb 20 2024 Funda Wang <fundawang@yeah.net> - 1:2.10-4
 - Add some patches from other distro