diff --git a/libsepol-fedora.patch b/libsepol-fedora.patch index 7d95007..62d24e6 100644 --- a/libsepol-fedora.patch +++ b/libsepol-fedora.patch @@ -1,5 +1,27 @@ +diff --git libsepol-2.6/src/assertion.c libsepol-2.6/src/assertion.c +index a4be880..121bf8c 100644 +--- libsepol-2.6/src/assertion.c ++++ libsepol-2.6/src/assertion.c +@@ -222,7 +222,7 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void + ebitmap_node_t *snode, *tnode; + unsigned int i, j; + +- if (k->specified != AVTAB_ALLOWED) ++ if ((k->specified & AVTAB_ALLOWED) == 0) + return 0; + + if (!match_any_class_permissions(avrule->perms, k->target_class, d->data)) +@@ -455,7 +455,7 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a + avrule_t *avrule = a->avrule; + avtab_t *avtab = a->avtab; + +- if (k->specified != AVTAB_ALLOWED) ++ if ((k->specified & AVTAB_ALLOWED) == 0) + goto exit; + + if (!match_any_class_permissions(avrule->perms, k->target_class, d->data)) diff --git libsepol-2.6/src/boolean_record.c libsepol-2.6/src/boolean_record.c -index 8b64413..ebef7f1 100644 +index 8b64413..a194704 100644 --- libsepol-2.6/src/boolean_record.c +++ libsepol-2.6/src/boolean_record.c @@ -15,7 +15,7 @@ struct sepol_bool { 
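Review bot: The switch from an equality test to a mask test in `report_assertion_avtab_matches` and `check_assertion_avtab_match` carries no comment explaining why, and the reason is security-relevant. With `k->specified != AVTAB_ALLOWED`, an allow entry that had any other bit set in `specified` was skipped, so the neverallow assertion was never evaluated against it; the spec changelog ties this to conditional policy. I would add above each test something like `/* specified may carry flag bits besides AVTAB_ALLOWED (e.g. conditional entries); test the bit, not the whole value */`. No regression test is visible in this patch; a small policy with a conditional allow that violates a neverallow would pin the behaviour. Both function bodies start and end outside their hunks.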
@@ -25,16 +47,31 @@ index 8b64413..ebef7f1 100644 *key_ptr = tmp_key; return STATUS_SUCCESS; -@@ -62,6 +67,7 @@ int sepol_bool_key_extract(sepol_handle_t * handle, +@@ -62,6 +67,9 @@ int sepol_bool_key_extract(sepol_handle_t * handle, void sepol_bool_key_free(sepol_bool_key_t * key) { ++ if (!key) ++ return; + free(key->name); free(key); } +diff --git libsepol-2.6/src/expand.c libsepol-2.6/src/expand.c +index 004a029..1d7558e 100644 +--- libsepol-2.6/src/expand.c ++++ libsepol-2.6/src/expand.c +@@ -937,7 +937,7 @@ int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r, + return -1; + + if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) { +- mls_semantic_level_destroy(&sr->level[0]); ++ mls_level_destroy(&r->level[0]); + return -1; + } + diff --git libsepol-2.6/src/iface_record.c libsepol-2.6/src/iface_record.c -index 09adeb7..c8b977c 100644 +index 09adeb7..6d56835 100644 --- libsepol-2.6/src/iface_record.c +++ libsepol-2.6/src/iface_record.c @@ -20,7 +20,7 @@ struct sepol_iface { @@ -60,16 +97,18 @@ index 09adeb7..c8b977c 100644 *key_ptr = tmp_key; return STATUS_SUCCESS; -@@ -68,6 +73,7 @@ int sepol_iface_key_extract(sepol_handle_t * handle, +@@ -68,6 +73,9 @@ int sepol_iface_key_extract(sepol_handle_t * handle, void sepol_iface_key_free(sepol_iface_key_t * key) { ++ if (!key) ++ return; + free(key->name); free(key); } diff --git libsepol-2.6/src/user_record.c libsepol-2.6/src/user_record.c -index c59c54b..e7e2fc2 100644 +index c59c54b..d72d4c7 100644 --- libsepol-2.6/src/user_record.c +++ libsepol-2.6/src/user_record.c @@ -24,7 +24,7 @@ struct sepol_user { @@ -95,10 +134,12 @@ index c59c54b..e7e2fc2 100644 *key_ptr = tmp_key; return STATUS_SUCCESS; -@@ -71,6 +76,7 @@ int sepol_user_key_extract(sepol_handle_t * handle, +@@ -71,6 +76,9 @@ int sepol_user_key_extract(sepol_handle_t * handle, void sepol_user_key_free(sepol_user_key_t * key) { ++ if (!key) ++ return; + free(key->name); free(key); } 
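Review bot: In `mls_semantic_range_expand`, the second failure path now releases `r->level[0]` but leaves `r->level[1]`, the level whose expansion just failed, untouched, and the `return -1` just above it (presumably the failure of the first expansion) releases nothing. Whether `mls_semantic_level_expand` can fail after it has already populated part of its output is not visible in this hunk; if it can, both paths leak the half-built level, and `mls_level_destroy(&r->level[1]);` before the second `return -1` (plus `mls_level_destroy(&r->level[0]);` on the first path) would close that. A short comment such as `/* only r is owned here; sr belongs to the caller */` would also keep the input/output distinction from regressing. The function body starts and ends outside the hunk.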
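Review bot: The `if (!key) return;` guard added to `sepol_iface_key_free` changes that function's contract without documenting it; the same guard is added to `sepol_bool_key_free` in the previous hunk and `sepol_user_key_free` in the next. A one-line comment on each, e.g. `/* Accepts NULL, like free(3). */`, would tell callers on error paths that they may call it unconditionally. Whether the library's other `sepol_*_key_free` functions carry the same guard cannot be seen from this patch and is worth checking so the family behaves uniformly.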
diff --git a/libsepol.spec b/libsepol.spec index 3b1ccff..a1cb790 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,14 +1,14 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 2.6 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libsepol-2.6.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.6 ./make-fedora-selinux-patch.sh libsepol -# FIXME: HEAD https://github.com/fedora-selinux/selinux/commit/caefad506ca46db441952ab64ebfc6202897516b +# HEAD https://github.com/fedora-selinux/selinux/commit/601a1d1363fe4137ff3a2991c546f7a0ccfec4cb Patch1: libsepol-fedora.patch URL: https://github.com/SELinuxProject/selinux/wiki BuildRequires: flex @@ -106,6 +106,11 @@ exit 0 %{_libdir}/libsepol.so.1 %changelog +* Fri Jul 28 2017 Petr Lautrbach - 2.6-3 +- Fix neverallow bug when checking conditional policy +- Destroy the expanded level when mls_semantic_level_expand() fails +- Do not seg fault on sepol_*_key_free(NULL) + * Wed Jul 26 2017 Fedora Release Engineering - 2.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild