diff --git a/gnutls-3.6.0.tar.xz b/gnutls-3.6.0.tar.xz
deleted file mode 100644
index cf3c1bc..0000000
--- a/gnutls-3.6.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ab9e3c0131fcd9142382f37ba9c6d20022b76cba83560cbcaa8e4002d71fb72
-size 8024972
diff --git a/gnutls-3.6.0.tar.xz.sig b/gnutls-3.6.0.tar.xz.sig
deleted file mode 100644
index 86b5770..0000000
Binary files a/gnutls-3.6.0.tar.xz.sig and /dev/null differ
diff --git a/gnutls-3.6.1.tar.xz b/gnutls-3.6.1.tar.xz
new file mode 100644
index 0000000..c30efc5
--- /dev/null
+++ b/gnutls-3.6.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20b10d2c9994bc032824314714d0e84c0f19bdb3d715d8ed55beb7364a8ebaed
+size 8064408
diff --git a/gnutls-3.6.1.tar.xz.sig b/gnutls-3.6.1.tar.xz.sig
new file mode 100644
index 0000000..1b4fd21
Binary files /dev/null and b/gnutls-3.6.1.tar.xz.sig differ
diff --git a/gnutls.changes b/gnutls.changes
index b306fbe..f548c70 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Nov  1 15:13:55 UTC 2017 - astieger@suse.com
+
+- GnuTLS 3.6.1:
+  * Fix interoperability issue with openssl when safe renegotiation
+    was used
+  * gnutls_x509_crl_sign, gnutls_x509_crt_sign,
+    gnutls_x509_crq_sign, were modified to sign with a better
+    algorithm than SHA1. They will now sign with an algorithm that
+    corresponds to the security level of the signer's key.
+  * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
+    accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That
+    will signal the function to auto-detect an appropriate hash
+    algorithm to use.
+  * Remove support for signature algorithms using SHA2-224 in TLS.
+    TLS 1.3 no longer uses SHA2-224 and it was never a widespread
+    algorithm in TLS 1.2
+  * Refuse to use client certificates containing disallowed
+    algorithms for a session, reverting a change on 3.5.5
+  * Refuse to resume a session which had a different SNI advertised
+    That improves RFC6066 support in server side.
+  * p11tool: Mark all generated objects as sensitive by default.
+  * p11tool: added options --sign-params and --hash. This allows
+    testing signature with multiple algorithms, including RSA-PSS.
+
 -------------------------------------------------------------------
 Wed Sep 20 12:36:16 UTC 2017 - vcizek@suse.com
 
diff --git a/gnutls.spec b/gnutls.spec
index ab73d69..4d1cec5 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -23,7 +23,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.6.0
+Version:        3.6.1
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ AND GPL-3.0+