diff --git a/SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch b/SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
new file mode 100644
index 0000000..a5f1c0f
--- /dev/null
+++ b/SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch
@@ -0,0 +1,14 @@
+--- gnutls-3.7.2/doc/manpages/p11tool.1 2021-05-29 10:15:22.000000000 +0200
++++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1 2021-06-28 09:35:23.000000000 +0200
+@@ -230,8 +230,9 @@
+ .NOP \f\*[B-Font]\-\-write\f[]
+ Writes the loaded objects to a PKCS #11 token.
+ .sp
+-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
+- one of \--load-privkey, \--load-pubkey, \--load-certificate option.
++It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option.
++.sp
++When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.
+ .TP
+ .NOP \f\*[B-Font]\-\-delete\f[]
+ Deletes the objects matching the given PKCS #11 URL.
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
index faa7f34..0bcbaba 100644
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@@ -1,5 +1,5 @@
 Version: 3.6.16
-Release: 3%{?dist}
+Release: 4%{?dist}
 Patch1: gnutls-3.2.7-rpath.patch
 Patch2: gnutls-3.6.4-no-now-guile.patch
 Patch3: gnutls-3.6.13-enable-intel-cet.patch
@@ -7,6 +7,7 @@ Patch10: gnutls-3.6.14-fips-dh-selftests.patch
 Patch11: gnutls-3.6.14-fips-kdf-selftests.patch
 Patch12: gnutls-3.6.16-tls12-cert-type.patch
 Patch13: gnutls-3.6.16-trust-ca-sha1.patch
+Patch14: gnutls-3.6.16-doc-p11tool-ckaid.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@@ -290,6 +291,9 @@ fi %endif %changelog +* Mon Jun 28 2021 Daiki Ueno - 3.6.16-4 +- p11tool: Document ID reuse behavior when importing certs (#1776250) + * Mon Jun 7 2021 Daiki Ueno - 3.6.16-3 - Treat SHA-1 signed CA in the trusted set differently (#1965445)