diff --git a/backport-CVE-2024-5290.patch b/backport-CVE-2024-5290.patch
new file mode 100644
index 0000000000000000000000000000000000000000..77722d93f90fc06c6cce2c6cb2fb1b62851a18b6
--- /dev/null
+++ b/backport-CVE-2024-5290.patch
@@ -0,0 +1,34 @@
+https://github.com/deepin-community/wpa/commit/512af510f0ae65392ff128008252fa37fbafa26b
+Description: slow certification.
+ When using PEAP certification, the server may use Identity's Request message
+ as a heartbeat; there will be many clients on the Internet to send address
+ 01: 80: C2: 00: 03 Identity's Response message as a heartbeat; at this time
+ When a client is broken and reconnect, it is easy to receive this message,
+ resulting in triggering restart of EAPOL authentication, resulting in a slow
+ authentication. So Ignore the response message in the Connecting state.
+
+Author: xinpeng wang <wangxinpeng@uniontech.com>
+
+
+Origin: https://gerrit.uniontech.com/plugins/gitiles/base/wpa/+/accd188752a1b2656a92dabca48616cb9889f386
+Bug: https://pms.uniontech.com/zentao/bug-view-105383.html
+Last-Update: 2022-05-19
+
+--- wpa-2.10.orig/src/eapol_supp/eapol_supp_sm.c
++++ wpa-2.10/src/eapol_supp/eapol_supp_sm.c
+@@ -1357,6 +1357,15 @@ int eapol_sm_rx_eapol(struct eapol_sm *s
+ 				break;
+ 			}
+ 		}
++		{
++			const struct eap_hdr *ehdr =
++				(const struct eap_hdr *) (hdr + 1);
++			if (plen >= sizeof(*ehdr) && ehdr->code == EAP_CODE_RESPONSE &&
++				sm->SUPP_PAE_state == SUPP_PAE_CONNECTING) {
++				wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet with response when connecting workaround %d",sm->conf.workaround);
++				break;
++			}
++		}
+
+ 		if (sm->cached_pmk) {
+ 			/* Trying to use PMKSA caching, but Authenticator did
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 9818ccc74482d8d93420f823943e4fa76f51f489..ba79649a66c9cbae256c83822fe588571e2a624b 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -1,7 +1,7 @@
 Name:          wpa_supplicant
 Epoch:         1
 Version:       2.11
-Release:       1
+Release:       2
 Summary:       A WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN)
 License:       BSD-3-Clause
 Url:           https://w1.fi/wpa_supplicant/
@@ -16,6 +16,7 @@ Patch6000:     wpa_supplicant-gui-qt4.patch
 %if "%{?toolchain}" == "clang"
 Patch6001:     Add-clang-support-for-qmake.patch
 %endif
+Patch6002:     backport-CVE-2024-5290.patch
 
 %ifarch loongarch64
 BuildRequires: /usr/bin/qmake
@@ -118,6 +119,9 @@ install -m644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
 %{_mandir}/man5/*
 
 %changelog
+* Fri Aug  9 2024 zhangxianting <zhangxianting@uniontech.com> - 1:2.11-2
+- fix CVE-2024-5290
+
 * Wed Jul 24 2024 Funda Wang <fundawang@yeah.net> - 1:2.11-1
 - update to 2.11