diff --git a/package/wpa_supplicant/Makefile b/package/wpa_supplicant/Makefile
index de5607384da220bbc8d308969ea7cee276f0b1fe..8572a49d0af1befe68bdc02f018dc51883fdaf4d 100644
--- a/package/wpa_supplicant/Makefile
+++ b/package/wpa_supplicant/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008 OpenWrt.org
+# Copyright (C) 2008-2009 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,9 +9,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wpa_supplicant
-PKG_VERSION:=0.6.6
+PKG_VERSION:=0.6.7
 PKG_RELEASE:=1
-PKG_MD5SUM:=cd0b386bdf4b0b3b01516e36cb6977d1
+PKG_MD5SUM:=b61f6e94b63f92173f4286b5e6a84140
 
 PKG_SOURCE_URL:=http://hostap.epitest.fi/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -45,7 +45,7 @@ define Package/wpa-cli
 endef
 
 define Package/wpa-cli/Description
- WPA Supplicant control utility 
+ WPA Supplicant control utility
 endef
 
 CONFIG=$(firstword $(wildcard ./files/config.$(BOARD) ./files/config.$(ARCH) ./config))
diff --git a/package/wpa_supplicant/patches/110-roaming.patch b/package/wpa_supplicant/patches/110-roaming.patch
index 2836b204e1bc66e7a6c8e7ddd8992f3f0fb49be0..e223ee70a0f1c3dcd640c41100219dc581f86ef4 100644
--- a/package/wpa_supplicant/patches/110-roaming.patch
+++ b/package/wpa_supplicant/patches/110-roaming.patch
@@ -1,7 +1,7 @@
 This patch decreases the timeouts for assoc/auth to more realistic values. Improves roaming speed
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -807,7 +807,7 @@ static void wpa_supplicant_event_assoc(s
+@@ -846,7 +846,7 @@ static void wpa_supplicant_event_assoc(s
  		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
  	} else if (!ft_completed) {
  		/* Timeout for receiving the first EAPOL packet */
@@ -12,15 +12,15 @@ This patch decreases the timeouts for assoc/auth to more realistic values. Impro
  
 --- a/wpa_supplicant/scan.c
 +++ b/wpa_supplicant/scan.c
-@@ -145,6 +145,7 @@ static void wpa_supplicant_scan(void *el
- 		return;
+@@ -189,6 +189,7 @@ static void wpa_supplicant_scan(void *el
  	}
+ #endif /* CONFIG_WPS */
  
 +	wpa_drv_flush_pmkid(wpa_s);
  	if (wpa_s->use_client_mlme) {
  		ieee80211_sta_set_probe_req_ie(wpa_s, extra_ie, extra_ie_len);
  		ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
-@@ -157,7 +158,7 @@ static void wpa_supplicant_scan(void *el
+@@ -203,7 +204,7 @@ static void wpa_supplicant_scan(void *el
  
  	if (ret) {
  		wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
@@ -31,7 +31,7 @@ This patch decreases the timeouts for assoc/auth to more realistic values. Impro
  
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1118,10 +1118,10 @@ void wpa_supplicant_associate(struct wpa
+@@ -1160,10 +1160,10 @@ void wpa_supplicant_associate(struct wpa
  
  		if (assoc_failed) {
  			/* give IBSS a bit more time */
diff --git a/package/wpa_supplicant/patches/120-ssid_scan.patch b/package/wpa_supplicant/patches/120-ssid_scan.patch
index dadfb79fb31a2a4828e756bc6fe53b0bc37a03f5..6beaed449c4b230b958019aff8280e3c593989e3 100644
--- a/package/wpa_supplicant/patches/120-ssid_scan.patch
+++ b/package/wpa_supplicant/patches/120-ssid_scan.patch
@@ -2,13 +2,15 @@ Don't do broadcast SSID scans, if all configured SSIDs use scan_ssid=1. Improves
 
 --- a/wpa_supplicant/scan.c
 +++ b/wpa_supplicant/scan.c
-@@ -48,11 +48,23 @@ static void wpa_supplicant_scan(void *el
- 	int enabled, scan_req = 0, ret;
+@@ -73,6 +73,7 @@ static void wpa_supplicant_scan(void *el
+ 	struct wpabuf *wps_ie = NULL;
  	const u8 *extra_ie = NULL;
  	size_t extra_ie_len = 0;
 +	int scan_ssid_all = 1;
- 
- 	if (wpa_s->disconnected && !wpa_s->scan_req)
+ 	int wps = 0;
+ #ifdef CONFIG_WPS
+ 	enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
+@@ -82,6 +83,17 @@ static void wpa_supplicant_scan(void *el
  		return;
  
  	enabled = 0;
@@ -26,7 +28,7 @@ Don't do broadcast SSID scans, if all configured SSIDs use scan_ssid=1. Improves
  	ssid = wpa_s->conf->ssid;
  	while (ssid) {
  		if (!ssid->disabled) {
-@@ -125,6 +137,10 @@ static void wpa_supplicant_scan(void *el
+@@ -154,6 +166,10 @@ static void wpa_supplicant_scan(void *el
  		return;
  	}
  
diff --git a/package/wpa_supplicant/patches/130-scanning.patch b/package/wpa_supplicant/patches/130-scanning.patch
index fc6574be20864d7fae894710fc7ee216d9943c8d..1f8cb4597ec4af877461bf997b52596ff5a2aa98 100644
--- a/package/wpa_supplicant/patches/130-scanning.patch
+++ b/package/wpa_supplicant/patches/130-scanning.patch
@@ -17,7 +17,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  	 * If this is specified, %wpa_supplicant will open a control interface
 --- a/wpa_supplicant/config_file.c
 +++ b/wpa_supplicant/config_file.c
-@@ -313,6 +313,13 @@ static int wpa_config_process_ap_scan(st
+@@ -306,6 +306,13 @@ static int wpa_config_parse_int(const st
  	return 0;
  }
  
@@ -29,19 +29,17 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
 +}
 +
  
- static int wpa_config_process_fast_reauth(struct wpa_config *config, char *pos)
- {
-@@ -446,6 +453,9 @@ static int wpa_config_process_global(str
- 	if (os_strncmp(pos, "ap_scan=", 8) == 0)
- 		return wpa_config_process_ap_scan(config, pos + 8);
- 
-+	if (os_strncmp(pos, "scan_cache=", 11) == 0)
-+		return wpa_config_process_scan_cache(config, pos + 11);
-+
- 	if (os_strncmp(pos, "fast_reauth=", 12) == 0)
- 		return wpa_config_process_fast_reauth(config, pos + 12);
- 
-@@ -819,6 +829,8 @@ static void wpa_config_write_global(FILE
+ static int wpa_config_parse_str(const struct global_parse_data *data,
+ 				struct wpa_config *config, int line,
+@@ -433,6 +440,7 @@ static const struct global_parse_data gl
+ #endif /* CONFIG_CTRL_IFACE */
+ 	{ INT_RANGE(eapol_version, 1, 2) },
+ 	{ INT(ap_scan) },
++	{ INT(scan_cache) },
+ 	{ INT(fast_reauth) },
+ #ifdef EAP_TLS_OPENSSL
+ 	{ STR(opensc_engine_path) },
+@@ -834,6 +842,8 @@ static void wpa_config_write_global(FILE
  		fprintf(f, "eapol_version=%d\n", config->eapol_version);
  	if (config->ap_scan != DEFAULT_AP_SCAN)
  		fprintf(f, "ap_scan=%d\n", config->ap_scan);
@@ -52,8 +50,8 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  #ifdef EAP_TLS_OPENSSL
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -601,6 +601,9 @@ static void wpa_supplicant_event_scan_re
- 	if (wpa_s->conf->ap_scan == 2 || wpa_s->disconnected)
+@@ -633,6 +633,9 @@ static void wpa_supplicant_event_scan_re
+ 	    wpa_s->disconnected)
  		return;
  
 +	if (wpa_s->wpa_state > WPA_ASSOCIATED)
@@ -62,7 +60,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  	while (selected == NULL) {
  		for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
  			selected = wpa_supplicant_select_bss(
-@@ -613,6 +616,7 @@ static void wpa_supplicant_event_scan_re
+@@ -645,6 +648,7 @@ static void wpa_supplicant_event_scan_re
  			wpa_printf(MSG_DEBUG, "No APs found - clear blacklist "
  				   "and try again");
  			wpa_blacklist_clear(wpa_s);
@@ -70,7 +68,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  		} else if (selected == NULL) {
  			break;
  		}
-@@ -640,10 +644,12 @@ static void wpa_supplicant_event_scan_re
+@@ -679,10 +683,12 @@ static void wpa_supplicant_event_scan_re
  		rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res);
  	} else {
  		wpa_printf(MSG_DEBUG, "No suitable AP found.");
@@ -84,7 +82,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  	return;
  
  req_scan:
-@@ -847,6 +853,9 @@ static void wpa_supplicant_event_disasso
+@@ -886,6 +892,9 @@ static void wpa_supplicant_event_disasso
  	}
  	if (wpa_s->wpa_state >= WPA_ASSOCIATED)
  		wpa_supplicant_req_scan(wpa_s, 0, 100000);
@@ -96,7 +94,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  		bssid = wpa_s->pending_bssid;
 --- a/wpa_supplicant/wpa_supplicant_i.h
 +++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -334,6 +334,7 @@ struct wpa_supplicant {
+@@ -349,6 +349,7 @@ struct wpa_supplicant {
  	struct wpa_client_mlme mlme;
  	int use_client_mlme;
  	int driver_4way_handshake;
@@ -104,7 +102,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
  
  	int pending_mic_error_report;
  	int pending_mic_error_pairwise;
-@@ -385,6 +386,7 @@ int wpa_supplicant_scard_init(struct wpa
+@@ -402,6 +403,7 @@ int wpa_supplicant_scard_init(struct wpa
  
  /* scan.c */
  void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec);
@@ -131,23 +129,23 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro
 +	return 1;
 +}
  
- static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
- {
-@@ -150,8 +162,9 @@ static void wpa_supplicant_scan(void *el
- 	} else
- 		wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
+ #ifdef CONFIG_WPS
+ static int wpas_wps_in_use(struct wpa_config *conf,
+@@ -183,8 +195,9 @@ static void wpa_supplicant_scan(void *el
+ 	wps = wpas_wps_in_use(wpa_s->conf, &req_type);
+ #endif /* CONFIG_WPS */
  
 -	if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
--	    !wpa_s->use_client_mlme) {
+-	    !wpa_s->use_client_mlme && wps != 2) {
 +	if (!wpa_supplicant_may_scan(wpa_s) ||
-+		(wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
-+	    !wpa_s->use_client_mlme)) {
++	    (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
++	    !wpa_s->use_client_mlme && wps != 2)) {
  		wpa_s->scan_res_tried++;
  		wpa_s->scan_req = scan_req;
  		wpa_printf(MSG_DEBUG, "Trying to get current scan results "
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1441,6 +1441,9 @@ void wpa_supplicant_rx_eapol(void *ctx, 
+@@ -1491,6 +1491,9 @@ void wpa_supplicant_rx_eapol(void *ctx, 
  {
  	struct wpa_supplicant *wpa_s = ctx;
  
diff --git a/package/wpa_supplicant/patches/140-quality.patch b/package/wpa_supplicant/patches/140-quality.patch
index 6ba7424ffee2dc3a6193385a0f6b92250378214b..edb0b2693bb582f7c2fe42e8ed26e14e4ab2666a 100644
--- a/package/wpa_supplicant/patches/140-quality.patch
+++ b/package/wpa_supplicant/patches/140-quality.patch
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1206,7 +1206,7 @@ static int wpa_supplicant_get_scan_resul
+@@ -1248,7 +1248,7 @@ static int wpa_supplicant_get_scan_resul
  {
  #define SCAN_AP_LIMIT 128
  	struct wpa_scan_result *results;
@@ -9,7 +9,7 @@
  	struct wpa_scan_results *res;
  
  	results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
-@@ -1303,6 +1303,21 @@ static int wpa_supplicant_get_scan_resul
+@@ -1345,6 +1345,21 @@ static int wpa_supplicant_get_scan_resul
  		res->res[res->num++] = r;
  	}