diff --git a/.gitignore b/.gitignore
index 2c81044..78d2229 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-55f4df9.tar.gz
-SOURCES/selinux-policy-contrib-5a34aed.tar.gz
+SOURCES/selinux-policy-1b02d17.tar.gz
+SOURCES/selinux-policy-contrib-f0a9f74.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 30ba56b..02bd259 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-7ceb35aad9e24fb10f07a43f2df6b5c4bfd1cd96 SOURCES/container-selinux.tgz
-c10a1f894f9a2b1eb2159c2c753d97a5ff788887 SOURCES/selinux-policy-55f4df9.tar.gz
-00ac11cfcd23af70f64c6e2b80cd729e1b86036b SOURCES/selinux-policy-contrib-5a34aed.tar.gz
+d1acf51fa5e48df7689df7f5b20758d97986f4f8 SOURCES/container-selinux.tgz
+9fc17aed658d2dce41a5f2f0e27b0ed7f2ba007d SOURCES/selinux-policy-1b02d17.tar.gz
+67809e7b4b217ee64c245cd12367535ac54f8296 SOURCES/selinux-policy-contrib-f0a9f74.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 77b2574..bd70510 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 55f4df96a3aff2ed1791e428385e1967856eed49
+%global commit0 1b02d17c0a0bac51bdc0980bcfd337de0ffa853f
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 5a34aedf6563624d8543cbc708ba2a29be508872
+%global commit1 f0a9f7489d377ea5c0e41d5a9a46d67969dcf215
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 67%{?dist}
+Release: 68%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,18 @@ exit 0
 %endif
 
 %changelog
+* Thu May 20 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-68
+- Allow pluto IKEv2 / ESP over TCP
+Resolves: rhbz#1931848
+- Label SDC(scini) Dell Driver
+Resolves: rhbz#1936882
+- Add file context specification for /var/tmp/tmp-inst
+Resolves: rhbz#1919253
+- Allow virtlogd_t to create virt_var_lockd_t dir
+Resolves: rhbz#1941464
+- Allow cups-lpd read its private runtime socket files
+Resolves: rhbz#1919399
+
 * Mon Mar 15 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-67
 - Allow systemd the audit_control capability conditionally
 Resolves: rhbz#1861771