diff --git a/.gitignore b/.gitignore
index 815b61d..218fa70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-contrib-9113916.tar.gz
-SOURCES/selinux-policy-eda68ed.tar.gz
+SOURCES/selinux-policy-599ea13.tar.gz
+SOURCES/selinux-policy-contrib-0a6ca75.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index e85adaa..12059ee 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-3286c577223504e4e992d5939ac38c16cd886060 SOURCES/container-selinux.tgz
-e8f9579c1fa8ee2ababe89014d0051219bd43da0 SOURCES/selinux-policy-contrib-9113916.tar.gz
-3674766fdf8b1f1ce0d7ad4fce817984ef13f9fc SOURCES/selinux-policy-eda68ed.tar.gz
+918fd9344446a8b0ea2852dfc42bd1a8899c5337 SOURCES/container-selinux.tgz
+5a7f2b80030e9cb4419ca0e7ba0022d810cd2228 SOURCES/selinux-policy-599ea13.tar.gz
+3994703112488b7529339a94d902b71980136a37 SOURCES/selinux-policy-contrib-0a6ca75.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 66fb595..c83e4af 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 eda68eda5ea48acdb448057f5ba995b60a3b919b
+%global commit0 599ea1311cbb2e8dea05f89507de009eb370db51
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 91139161ec640e9e95484eec1ad530ac05881e28
+%global commit1 0a6ca756d70637c08a9205910a2eabe853e31677
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 60%{?dist}
+Release: 62%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,40 @@ exit 0
 %endif
 
 %changelog
+* Fri Jan 29 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-62
+- Allow rhsmcertd_t domain transition to kpatch_t
+Resolves: rhbz#1895322
+- Revert "Add kpatch_exec() interface"
+Resolves: rhbz#1895322
+- Revert "Allow rhsmcertd execute kpatch"
+Resolves: rhbz#1895322
+- Dontaudit NetworkManager_t domain to write to kdump temp pipies
+Resolves: rhbz#1842897
+- Allow NetworkManager_t domain to get status of samba services
+Resolves: rhbz#1781806
+- Allow openvswitch create and use xfrm netlink sockets
+Resolves: rhbz#1916046
+- Allow openvswitch_t perf_event write permission
+Resolves: rhbz#1916046
+- Add write_perf_event_perms object permission set
+Related: rhbz#1916046
+
+* Wed Jan 27 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-61
+- Add kpatch_exec() interface
+Resolves: rhbz#1895322
+- Allow rhsmcertd execute kpatch
+Resolves: rhbz#1895322
+- Allow openvswitch_t perf_event open permission
+Resolves: rhbz#1916046
+- Allow openvswitch fowner capability and create netlink sockets
+Resolves: rhbz#1883980
+- Add net_broadcast capability to openvswitch_t domain
+Resolves: rhbz#1883980
+- Update interface modutils_read_module_deps to allow caller domain also mmap modules_dep_t files
+Resolves: rhbz#1883980
+- Allow machinectl to run pull-tar
+Resolves: rhbz#1788055
+
 * Wed Jan 13 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-60
 - Allow wireshark create and use rdma socket
 Resolves: rhbz#1844370