import gnutls-3.6.16-4.el8

SOURCES/gnutls-3.6.16-doc-p11tool-ckaid.patch

@@ -0,0 +1,14 @@
+--- gnutls-3.7.2/doc/manpages/p11tool.1	2021-05-29 10:15:22.000000000 +0200
++++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1	2021-06-28 09:35:23.000000000 +0200
+@@ -230,8 +230,9 @@
+ .NOP \f\*[B-Font]\-\-write\f[]
+ Writes the loaded objects to a PKCS #11 token.
+ .sp
+-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
+-    one of \--load-privkey, \--load-pubkey, \--load-certificate option.
++It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option.
++.sp
++When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.
+ .TP
+ .NOP \f\*[B-Font]\-\-delete\f[]
+ Deletes the objects matching the given PKCS #11 URL.

SPECS/gnutls.spec

@@ -1,5 +1,5 @@
 Version:	3.6.16
-Release: 3%{?dist}
+Release: 4%{?dist}
 Patch1:	gnutls-3.2.7-rpath.patch
 Patch2:	gnutls-3.6.4-no-now-guile.patch
 Patch3:	gnutls-3.6.13-enable-intel-cet.patch
@@ -7,6 +7,7 @@ Patch10:	gnutls-3.6.14-fips-dh-selftests.patch
 Patch11:	gnutls-3.6.14-fips-kdf-selftests.patch
 Patch12:	gnutls-3.6.16-tls12-cert-type.patch
 Patch13:	gnutls-3.6.16-trust-ca-sha1.patch
+Patch14:	gnutls-3.6.16-doc-p11tool-ckaid.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@@ -290,6 +291,9 @@ fi
 %endif
 
 %changelog
+* Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-4
+- p11tool: Document ID reuse behavior when importing certs (#1776250)
+
 * Mon Jun  7 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-3
 - Treat SHA-1 signed CA in the trusted set differently (#1965445)