diff --git a/checkpolicy-2.6.tar.gz b/checkpolicy-2.6.tar.gz
deleted file mode 100644
index 8975019..0000000
--- a/checkpolicy-2.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157
-size 69748
diff --git a/checkpolicy-2.7.tar.gz b/checkpolicy-2.7.tar.gz
new file mode 100644
index 0000000..5af869e
--- /dev/null
+++ b/checkpolicy-2.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201
+size 65967
diff --git a/checkpolicy-build.patch b/checkpolicy-build.patch
new file mode 100644
index 0000000..9c2279d
--- /dev/null
+++ b/checkpolicy-build.patch
@@ -0,0 +1,228 @@
+diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile
+index 68e11f2..4c817cd 100644
+--- checkpolicy-2.7/Makefile
++++ checkpolicy-2.7/Makefile
+@@ -1,12 +1,9 @@
+ #
+ # Makefile for building the checkpolicy program
+ #
+-PREFIX ?= $(DESTDIR)/usr
++PREFIX ?= /usr
+ BINDIR ?= $(PREFIX)/bin
+ MANDIR ?= $(PREFIX)/share/man
+-LIBDIR ?= $(PREFIX)/lib
+-INCLUDEDIR ?= $(PREFIX)/include
+-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
+ TARGETS = checkpolicy checkmodule
+ 
+ LEX = flex
+@@ -14,7 +11,12 @@ YACC = bison -y
+ 
+ CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
+ 
+-override CFLAGS += -I.
++# If no specific libsepol.a is specified, fall back on LDFLAGS search path
++# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
++# is no need to define a value for LDLIBS_LIBSEPOLA
++ifeq ($(LIBSEPOLA),)
++        LDLIBS_LIBSEPOLA := -l:libsepol.a
++endif
+ 
+ CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
+ 	    policy_define.o
+@@ -27,8 +29,10 @@ all:  $(TARGETS)
+ 	$(MAKE) -C test
+ 
+ checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
++	$(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
+ 
+ checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
++	$(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
+ 
+ %.o: %.c 
+ 	$(CC) $(CFLAGS) -o $@ -c $<
+@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c
+ 	$(LEX) policy_scan.l
+ 
+ install: all
+-	-mkdir -p $(BINDIR)
+-	-mkdir -p $(MANDIR)/man8
+-	install -m 755 $(TARGETS) $(BINDIR)	
+-	install -m 644 checkpolicy.8 $(MANDIR)/man8
+-	install -m 644 checkmodule.8 $(MANDIR)/man8
++	-mkdir -p $(DESTDIR)$(BINDIR)
++	-mkdir -p $(DESTDIR)$(MANDIR)/man8
++	install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)	
++	install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
++	install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
+ 
+ relabel: install
+-	/sbin/restorecon $(BINDIR)/checkpolicy
+-	/sbin/restorecon $(BINDIR)/checkmodule
++	/sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
++	/sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
+ 
+ clean:
+ 	-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
+diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
+index ee95882..cf76591 100644
+--- checkpolicy-2.7/checkmodule.8
++++ checkpolicy-2.7/checkmodule.8
+@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
+ This manual page was copied from the checkpolicy man page 
+ written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, 
+ and edited by Dan Walsh <dwalsh@redhat.com>.
+-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
++The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
+diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
+index 7b28696..1c8805d 100644
+--- checkpolicy-2.7/checkpolicy.8
++++ checkpolicy-2.7/checkpolicy.8
+@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
+ 
+ .SH AUTHOR
+ This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
+-and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
+-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
++and edited by Stephen Smalley <sds@tycho.nsa.gov>.
++The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
+diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
+index b75f2af..fbda455 100644
+--- checkpolicy-2.7/checkpolicy.c
++++ checkpolicy-2.7/checkpolicy.c
+@@ -1,6 +1,6 @@
+ 
+ /*
+- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
++ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
+  */
+ 
+ /*
+@@ -69,6 +69,9 @@
+ #ifndef IPPROTO_DCCP
+ #define IPPROTO_DCCP 33
+ #endif
++#ifndef IPPROTO_SCTP
++#define IPPROTO_SCTP 132
++#endif
+ #include <arpa/inet.h>
+ #include <fcntl.h>
+ #include <stdio.h>
+@@ -944,6 +947,8 @@ int main(int argc, char **argv)
+ 				protocol = IPPROTO_UDP;
+ 			else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
+ 				protocol = IPPROTO_DCCP;
++			else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
++				protocol = IPPROTO_SCTP;
+ 			else {
+ 				printf("unknown protocol\n");
+ 				break;
+diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
+index f12ebdb..11fd37d 100644
+--- checkpolicy-2.7/policy_define.c
++++ checkpolicy-2.7/policy_define.c
+@@ -1,5 +1,5 @@
+ /*
+- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
++ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
+  */
+ 
+ /*
+@@ -40,6 +40,9 @@
+ #ifndef IPPROTO_DCCP
+ #define IPPROTO_DCCP 33
+ #endif
++#ifndef IPPROTO_SCTP
++#define IPPROTO_SCTP 132
++#endif
+ #include <arpa/inet.h>
+ #include <stdlib.h>
+ #include <limits.h>
+@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
+ 		protocol = IPPROTO_UDP;
+ 	} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+ 		protocol = IPPROTO_DCCP;
++	} else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
++		protocol = IPPROTO_SCTP;
+ 	} else {
+ 		yyerror2("unrecognized protocol %s", id);
+ 		goto bad;
+diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
+index 6b406c8..247bd4e 100644
+--- checkpolicy-2.7/policy_parse.y
++++ checkpolicy-2.7/policy_parse.y
+@@ -1,6 +1,6 @@
+ 
+ /*
+- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
++ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
+  */
+ 
+ /*
+diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
+index e6c4898..e93ccb6 100644
+--- checkpolicy-2.7/policy_scan.l
++++ checkpolicy-2.7/policy_scan.l
+@@ -1,6 +1,6 @@
+ 
+ /* 
+- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
++ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
+  */
+ 
+ /* Updated: David Caplan, <dac@tresys.com>
+diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
+index acc991c..82e6673 100644
+--- checkpolicy-2.7/queue.c
++++ checkpolicy-2.7/queue.c
+@@ -1,5 +1,5 @@
+ 
+-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
++/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
+ 
+ /* FLASK */
+ 
+diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
+index 655c94b..60c07fe 100644
+--- checkpolicy-2.7/queue.h
++++ checkpolicy-2.7/queue.h
+@@ -1,5 +1,5 @@
+ 
+-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
++/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
+ 
+ /* FLASK */
+ 
+diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile
+index 59fa446..89e7557 100644
+--- checkpolicy-2.7/test/Makefile
++++ checkpolicy-2.7/test/Makefile
+@@ -1,19 +1,22 @@
+ #
+ # Makefile for building the dispol program
+ #
+-PREFIX ?= $(DESTDIR)/usr
+-BINDIR ?= $(PREFIX)/bin
+-LIBDIR ?= $(PREFIX)/lib
+-INCLUDEDIR ?= $(PREFIX)/include
+-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
+-
+ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
+ 
++# If no specific libsepol.a is specified, fall back on LDFLAGS search path
++# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
++# is no need to define a value for LDLIBS_LIBSEPOLA
++ifeq ($(LIBSEPOLA),)
++        LDLIBS_LIBSEPOLA := -l:libsepol.a
++endif
++
+ all: dispol dismod
+ 
+ dispol: dispol.o $(LIBSEPOLA)
++	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
+ 
+ dismod: dismod.o $(LIBSEPOLA)
++	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
+ 
+ clean:
+ 	-rm -f dispol dismod *.o 
diff --git a/checkpolicy-tests.tar.gz b/checkpolicy-tests.tar.gz
new file mode 100644
index 0000000..070181a
--- /dev/null
+++ b/checkpolicy-tests.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:31963e5a13050e221f8f1c68ca2d4def3a783a803499cd498a2f62d6787d52b2
+size 13993
diff --git a/checkpolicy.changes b/checkpolicy.changes
index 66b9bb8..f8d1908 100644
--- a/checkpolicy.changes
+++ b/checkpolicy.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
+
+- Rebase to 2.7
+
 -------------------------------------------------------------------
 Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
 
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 1cd0c08..fed772d 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package checkpolicy
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,17 +18,20 @@
 
 %define libsepol_ver 2.6
 Name:           checkpolicy
-Version:        2.6
+Version:        2.7
 Release:        0
 Summary:        SELinux policy compiler
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Productivity/Security
 Url:            https://github.com/SELinuxProject/selinux
-Source:         https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
+Source0:        https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
+Source1:        checkpolicy-tests.tar.gz
+Patch0:         checkpolicy-build.patch
 BuildRequires:  bison
+BuildRequires:  byacc
 BuildRequires:  flex
 BuildRequires:  libselinux-devel
-BuildRequires:  libsepol-devel-static >= %{libsepol_ver}
+BuildRequires:  libsepol-devel-static => %{libsepol_ver}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -40,29 +43,52 @@ utilities that implement mandatory access control policies, such as
 Type Enforcement, Role-based Access Control and Multi-Level
 Security.)
 
+%package devel
+Summary:        Development files for SELinux policy compiler
+Group:          Development/Libraries/C and C++
+Requires:       %{name} = %{version}
+
+%description devel
+checkpolicy is the SELinux policy compiler. It uses libsepol to
+generate the binary policy.
+
+This package contains the development files, which are
+necessary to develop your own software using checkpolicy.
+
+%package -n python3-%{name}
+Summary:        Python bindings for SELinux policy compiler
+Group:          Development/Libraries/Python
+Requires:       %{name} = %{version}
+
+%description -n python3-%{name}
+checkpolicy is the SELinux policy compiler. It uses libsepol to
+generate the binary policy.
+
+This package contains the Python bindindgs, which are necessary
+to use checkpolicy from Python.
+
 %prep
 %setup -q
+%patch0 -p1
 
 %build
-make %{?_smp_mflags} clean
-make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
-cd test
-make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
+make clean
+make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
+(cd test
+make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" )
 
 %install
-mkdir -p %{buildroot}%{_bindir}
-make LIBDIR="%{_libdir}" DESTDIR=%{buildroot} install
-install test/dismod %{buildroot}%{_bindir}/sedismod
-install test/dispol %{buildroot}%{_bindir}/sedispol
+mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
+make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
+install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
+install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
 
 %files
 %defattr(-,root,root)
-%doc COPYING ChangeLog
 %{_bindir}/checkpolicy
 %{_bindir}/checkmodule
 %{_bindir}/sedismod
 %{_bindir}/sedispol
-%{_mandir}/man8/checkmodule.8%{ext_man}
-%{_mandir}/man8/checkpolicy.8%{ext_man}
+%{_mandir}/man8/check*.*%{ext_man}
 
 %changelog