diff --git a/config b/config
index 62d9f5a..d9e2e3f 100644
--- a/config
+++ b/config
@@ -67,9 +67,6 @@ CONFIG_LIBNL32=y
 # wpa_supplicant.
 # CONFIG_USE_NDISUIO=y
 
-# Driver interface for development testing
-#CONFIG_DRIVER_TEST=y
-
 # Driver interface for wired Ethernet drivers
 CONFIG_DRIVER_WIRED=y
 
diff --git a/wpa_supplicant-2.3.tar.gz b/wpa_supplicant-2.3.tar.gz
deleted file mode 100644
index d9b88eb..0000000
--- a/wpa_supplicant-2.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a
-size 2398722
diff --git a/wpa_supplicant-2.4.tar.gz b/wpa_supplicant-2.4.tar.gz
new file mode 100644
index 0000000..d78c9c2
--- /dev/null
+++ b/wpa_supplicant-2.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122
+size 2525648
diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes
index 0a8734e..a8786d0 100644
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@@ -1,3 +1,90 @@
+-------------------------------------------------------------------
+Fri Apr 10 23:05:28 UTC 2015 - stefan.bruens@rwth-aachen.de
+
+- Delete wpa_priv and eapol_test man pages, these are disabled in config
+- Move wpa_gui man page to gui package
+
+-------------------------------------------------------------------
+Thu Apr  2 01:02:11 UTC 2015 - stefan.bruens@rwth-aachen.de
+
+- Update to 2.4
+  * allow OpenSSL cipher configuration to be set for internal EAP server
+    (openssl_ciphers parameter)
+  * fixed number of small issues based on hwsim test case failures and
+    static analyzer reports
+  * P2P:
+    - add new=<0/1> flag to P2P-DEVICE-FOUND events
+    - add passive channels in invitation response from P2P Client
+    - enable nl80211 P2P_DEVICE support by default
+    - fix regresssion in disallow_freq preventing search on social
+      channels
+    - fix regressions in P2P SD query processing
+    - try to re-invite with social operating channel if no common channels
+      in invitation
+    - allow cross connection on parent interface (this fixes number of
+      use cases with nl80211)
+    - add support for P2P services (P2PS)
+    - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
+      be configured
+  * increase postponing of EAPOL-Start by one second with AP/GO that
+    supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
+    of identity frames)
+  * add support for PMKSA caching with SAE
+  * add support for control mesh BSS (IEEE 802.11s) operations
+  * fixed number of issues with D-Bus P2P commands
+  * fixed regression in ap_scan=2 special case for WPS
+  * fixed macsec_validate configuration
+  * add a workaround for incorrectly behaving APs that try to use
+    EAPOL-Key descriptor version 3 when the station supports PMF even if
+    PMF is not enabled on the AP
+  * allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
+    of disabling these can be configured to work around issues with broken
+    servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
+  * add support for Suite B (128-bit and 192-bit level) key management and
+    cipher suites
+  * add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
+  * improved BSS Transition Management processing
+  * add support for neighbor report
+  * add support for link measurement
+  * fixed expiration of BSS entry with all-zeros BSSID
+  * add optional LAST_ID=x argument to LIST_NETWORK to allow all
+    configured networks to be listed even with huge number of network
+    profiles
+  * add support for EAP Re-Authentication Protocol (ERP)
+  * fixed EAP-IKEv2 fragmentation reassembly
+  * improved PKCS#11 configuration for OpenSSL
+  * set stdout to be line-buffered
+  * add TDLS channel switch configuration
+  * add support for MAC address randomization in scans with nl80211
+  * enable HT for IBSS if supported by the driver
+  * add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
+  * add support for domain_suffix_match with GnuTLS
+  * add OCSP stapling client support with GnuTLS
+  * include peer certificate in EAP events even without a separate probe
+    operation; old behavior can be restored with cert_in_cb=0
+  * add peer ceritficate alt subject name to EAP events
+    (CTRL-EVENT-EAP-PEER-ALT)
+  * add domain_match network profile parameter (similar to
+    domain_suffix_match, but full match is required)
+  * enable AP/GO mode HT Tx STBC automatically based on driver support
+  * add ANQP-QUERY-DONE event to provide information on ANQP parsing
+    status
+  * allow passive scanning to be forced with passive_scan=1
+  * add a workaround for Linux packet socket behavior when interface is in
+    bridge
+  * increase 5 GHz band preference in BSS selection (estimate SNR, if info
+    not available from driver; estimate maximum throughput based on common
+    HT/VHT/specific TX rate support)
+  * add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
+    implement Interworking network selection behavior in upper layers
+    software components
+  * add optional reassoc_same_bss_optim=1 (disabled by default)
+    optimization to avoid unnecessary Authentication frame exchange
+  * extend TDLS frame padding workaround to cover all packets
+  * allow wpa_supplicant to recover nl80211 functionality if the cfg80211
+    module gets removed and reloaded without restarting wpa_supplicant
+  * allow hostapd DFS implementation to be used in wpa_supplicant AP mode
+
 -------------------------------------------------------------------
 Sat Oct 18 21:08:01 UTC 2014 - stefan.bruens@rwth-aachen.de
 
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index ac691a4..b4bae4e 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@ BuildRequires:  systemd-rpm-macros
 %endif
 BuildRequires:  libnl3-devel
 Url:            http://hostap.epitest.fi/wpa_supplicant/
-Version:        2.3
+Version:        2.4
 Release:        0
 Summary:        WPA supplicant implementation
 License:        BSD-3-Clause and GPL-2.0+
@@ -109,6 +109,9 @@ install -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
 install -d %{buildroot}/%{_rundir}/%{name}
 install -d %{buildroot}%{_mandir}/man{5,8}
 install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
+#  wpa_supplicant is built without CONFIG_PRIVSEP and CONFIG_EAPOL_TEST
+rm %{buildroot}%{_mandir}/man8/wpa_priv.*
+rm %{buildroot}%{_mandir}/man8/eapol_test.*
 install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
 install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir}
 %if 0%{?suse_version} > 1230
@@ -151,10 +154,12 @@ chmod -x wpa_supplicant/examples/*.py
 %endif
 %dir %{_sysconfdir}/%{name}
 %doc %{_mandir}/man8/*
+%exclude %{_mandir}/man8/wpa_gui.*
 %doc %{_mandir}/man5/*
 
 %files gui
 %defattr(-,root,root)
 /usr/sbin/wpa_gui
+%doc %{_mandir}/man8/wpa_gui.*
 
 %changelog