diff --git a/libsemanage-update-map-file.patch b/libsemanage-update-map-file.patch
new file mode 100644
index 0000000..a0460ea
--- /dev/null
+++ b/libsemanage-update-map-file.patch
@@ -0,0 +1,409 @@
+From 3fc08f8908571195dfaac7d3179504873f37b4c0 Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Mon, 23 Mar 2020 11:52:33 -0500
+Subject: [PATCH] libsemanage: update linker script
+
+With the old hidden_def and hidden_proto DSO infrastructure removed,
+correctness of the map file becomes paramount, as it is what filters out
+public API. Because of this, the wild cards should not be used, as it
+lets some functions through that should not be made public API. Thus
+remove the wild cards, and sort the list.
+
+Additionally, verify that nothing changed in external symbols as well:
+
+This was checked by generating an old export map (from master):
+nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map
+
+Then creating a new one for this library after this patch is applied:
+nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map
+
+And diffing them:
+diff old.map new.map
+
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ libsemanage/src/libsemanage.map | 372 +++++++++++++++++++++++++++++---
+ 1 file changed, 345 insertions(+), 27 deletions(-)
+
+diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
+index 020366967..e1861ccbe 100644
+--- a/libsemanage/src/libsemanage.map
++++ b/libsemanage/src/libsemanage.map
+@@ -1,31 +1,349 @@
+ LIBSEMANAGE_1.0 {
+-  global: semanage_handle_create; semanage_handle_destroy; 
+-          semanage_is_managed; semanage_connect; semanage_disconnect; 
+-	  semanage_msg_*;
+-          semanage_begin_transaction; semanage_commit;
+-	  semanage_module_install; semanage_module_install_file;
+-	  semanage_module_upgrade; semanage_module_upgrade_file;
+-	  semanage_module_install_base; semanage_module_install_base_file;
+-	  semanage_module_enable;
+-	  semanage_module_disable;
+-	  semanage_module_remove;
+-	  semanage_module_list; semanage_module_info_datum_destroy;
+-	  semanage_module_list_nth; semanage_module_get_name;
+-	  semanage_module_get_version; semanage_select_store;
+-	  semanage_module_get_enabled;
+-	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
+-	  semanage_set_root;
+-	  semanage_root;
+-	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
+-	  semanage_iface_*; semanage_port_*; semanage_context_*;
+-	  semanage_ibpkey_*;
+-	  semanage_ibendport_*;
+-	  semanage_node_*;
+-	  semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
+-	  semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
+-	  semanage_mls_enabled;
+-	  semanage_set_check_contexts;
+-	  semanage_get_preserve_tunables; semanage_set_preserve_tunables;
++  global:
++    semanage_access_check;
++    semanage_begin_transaction;
++    semanage_bool_clone;
++    semanage_bool_compare;
++    semanage_bool_compare2;
++    semanage_bool_count;
++    semanage_bool_count_active;
++    semanage_bool_count_local;
++    semanage_bool_create;
++    semanage_bool_del_local;
++    semanage_bool_exists;
++    semanage_bool_exists_active;
++    semanage_bool_exists_local;
++    semanage_bool_free;
++    semanage_bool_get_name;
++    semanage_bool_get_value;
++    semanage_bool_iterate;
++    semanage_bool_iterate_active;
++    semanage_bool_iterate_local;
++    semanage_bool_key_create;
++    semanage_bool_key_extract;
++    semanage_bool_key_free;
++    semanage_bool_list;
++    semanage_bool_list_active;
++    semanage_bool_list_local;
++    semanage_bool_modify_local;
++    semanage_bool_query;
++    semanage_bool_query_active;
++    semanage_bool_query_local;
++    semanage_bool_set_active;
++    semanage_bool_set_name;
++    semanage_bool_set_value;
++    semanage_commit;
++    semanage_connect;
++    semanage_context_clone;
++    semanage_context_create;
++    semanage_context_free;
++    semanage_context_from_string;
++    semanage_context_get_mls;
++    semanage_context_get_role;
++    semanage_context_get_type;
++    semanage_context_get_user;
++    semanage_context_set_mls;
++    semanage_context_set_role;
++    semanage_context_set_type;
++    semanage_context_set_user;
++    semanage_context_to_string;
++    semanage_disconnect;
++    semanage_fcontext_clone;
++    semanage_fcontext_compare;
++    semanage_fcontext_compare2;
++    semanage_fcontext_count;
++    semanage_fcontext_count_local;
++    semanage_fcontext_create;
++    semanage_fcontext_del_local;
++    semanage_fcontext_exists;
++    semanage_fcontext_exists_local;
++    semanage_fcontext_free;
++    semanage_fcontext_get_con;
++    semanage_fcontext_get_expr;
++    semanage_fcontext_get_type;
++    semanage_fcontext_get_type_str;
++    semanage_fcontext_iterate;
++    semanage_fcontext_iterate_local;
++    semanage_fcontext_key_create;
++    semanage_fcontext_key_extract;
++    semanage_fcontext_key_free;
++    semanage_fcontext_list;
++    semanage_fcontext_list_homedirs;
++    semanage_fcontext_list_local;
++    semanage_fcontext_modify_local;
++    semanage_fcontext_query;
++    semanage_fcontext_query_local;
++    semanage_fcontext_set_con;
++    semanage_fcontext_set_expr;
++    semanage_fcontext_set_type;
++    semanage_get_default_priority;
++    semanage_get_disable_dontaudit;
++    semanage_get_hll_compiler_path;
++    semanage_get_ignore_module_cache;
++    semanage_get_preserve_tunables;
++    semanage_handle_create;
++    semanage_handle_destroy;
++    semanage_ibendport_clone;
++    semanage_ibendport_compare;
++    semanage_ibendport_compare2;
++    semanage_ibendport_count;
++    semanage_ibendport_count_local;
++    semanage_ibendport_create;
++    semanage_ibendport_del_local;
++    semanage_ibendport_exists;
++    semanage_ibendport_exists_local;
++    semanage_ibendport_free;
++    semanage_ibendport_get_con;
++    semanage_ibendport_get_ibdev_name;
++    semanage_ibendport_get_port;
++    semanage_ibendport_iterate;
++    semanage_ibendport_iterate_local;
++    semanage_ibendport_key_create;
++    semanage_ibendport_key_extract;
++    semanage_ibendport_key_free;
++    semanage_ibendport_list;
++    semanage_ibendport_list_local;
++    semanage_ibendport_modify_local;
++    semanage_ibendport_query;
++    semanage_ibendport_query_local;
++    semanage_ibendport_set_con;
++    semanage_ibendport_set_ibdev_name;
++    semanage_ibendport_set_port;
++    semanage_ibpkey_clone;
++    semanage_ibpkey_compare;
++    semanage_ibpkey_compare2;
++    semanage_ibpkey_count;
++    semanage_ibpkey_count_local;
++    semanage_ibpkey_create;
++    semanage_ibpkey_del_local;
++    semanage_ibpkey_exists;
++    semanage_ibpkey_exists_local;
++    semanage_ibpkey_free;
++    semanage_ibpkey_get_con;
++    semanage_ibpkey_get_high;
++    semanage_ibpkey_get_low;
++    semanage_ibpkey_get_subnet_prefix;
++    semanage_ibpkey_get_subnet_prefix_bytes;
++    semanage_ibpkey_iterate;
++    semanage_ibpkey_iterate_local;
++    semanage_ibpkey_key_create;
++    semanage_ibpkey_key_extract;
++    semanage_ibpkey_key_free;
++    semanage_ibpkey_list;
++    semanage_ibpkey_list_local;
++    semanage_ibpkey_modify_local;
++    semanage_ibpkey_query;
++    semanage_ibpkey_query_local;
++    semanage_ibpkey_set_con;
++    semanage_ibpkey_set_pkey;
++    semanage_ibpkey_set_range;
++    semanage_ibpkey_set_subnet_prefix;
++    semanage_ibpkey_set_subnet_prefix_bytes;
++    semanage_iface_clone;
++    semanage_iface_compare;
++    semanage_iface_compare2;
++    semanage_iface_count;
++    semanage_iface_count_local;
++    semanage_iface_create;
++    semanage_iface_del_local;
++    semanage_iface_exists;
++    semanage_iface_exists_local;
++    semanage_iface_free;
++    semanage_iface_get_ifcon;
++    semanage_iface_get_msgcon;
++    semanage_iface_get_name;
++    semanage_iface_iterate;
++    semanage_iface_iterate_local;
++    semanage_iface_key_create;
++    semanage_iface_key_extract;
++    semanage_iface_key_free;
++    semanage_iface_list;
++    semanage_iface_list_local;
++    semanage_iface_modify_local;
++    semanage_iface_query;
++    semanage_iface_query_local;
++    semanage_iface_set_ifcon;
++    semanage_iface_set_msgcon;
++    semanage_iface_set_name;
++    semanage_is_connected;
++    semanage_is_managed;
++    semanage_mls_enabled;
++    semanage_module_disable;
++    semanage_module_enable;
++    semanage_module_extract;
++    semanage_module_get_enabled;
++    semanage_module_get_module_info;
++    semanage_module_get_name;
++    semanage_module_get_version;
++    semanage_module_info_create;
++    semanage_module_info_datum_destroy;
++    semanage_module_info_destroy;
++    semanage_module_info_get_enabled;
++    semanage_module_info_get_lang_ext;
++    semanage_module_info_get_name;
++    semanage_module_info_get_priority;
++    semanage_module_info_set_enabled;
++    semanage_module_info_set_lang_ext;
++    semanage_module_info_set_name;
++    semanage_module_info_set_priority;
++    semanage_module_install;
++    semanage_module_install_base;
++    semanage_module_install_base_file;
++    semanage_module_install_file;
++    semanage_module_install_info;
++    semanage_module_key_create;
++    semanage_module_key_destroy;
++    semanage_module_key_get_name;
++    semanage_module_key_get_priority;
++    semanage_module_key_set_name;
++    semanage_module_key_set_priority;
++    semanage_module_list;
++    semanage_module_list_all;
++    semanage_module_list_nth;
++    semanage_module_remove;
++    semanage_module_remove_key;
++    semanage_module_set_enabled;
++    semanage_module_upgrade;
++    semanage_module_upgrade_file;
++    semanage_msg_get_channel;
++    semanage_msg_get_fname;
++    semanage_msg_get_level;
++    semanage_msg_set_callback;
++    semanage_node_clone;
++    semanage_node_compare;
++    semanage_node_compare2;
++    semanage_node_count;
++    semanage_node_count_local;
++    semanage_node_create;
++    semanage_node_del_local;
++    semanage_node_exists;
++    semanage_node_exists_local;
++    semanage_node_free;
++    semanage_node_get_addr;
++    semanage_node_get_addr_bytes;
++    semanage_node_get_con;
++    semanage_node_get_mask;
++    semanage_node_get_mask_bytes;
++    semanage_node_get_proto;
++    semanage_node_get_proto_str;
++    semanage_node_iterate;
++    semanage_node_iterate_local;
++    semanage_node_key_create;
++    semanage_node_key_extract;
++    semanage_node_key_free;
++    semanage_node_list;
++    semanage_node_list_local;
++    semanage_node_modify_local;
++    semanage_node_query;
++    semanage_node_query_local;
++    semanage_node_set_addr;
++    semanage_node_set_addr_bytes;
++    semanage_node_set_con;
++    semanage_node_set_mask;
++    semanage_node_set_mask_bytes;
++    semanage_node_set_proto;
++    semanage_port_clone;
++    semanage_port_compare;
++    semanage_port_compare2;
++    semanage_port_count;
++    semanage_port_count_local;
++    semanage_port_create;
++    semanage_port_del_local;
++    semanage_port_exists;
++    semanage_port_exists_local;
++    semanage_port_free;
++    semanage_port_get_con;
++    semanage_port_get_high;
++    semanage_port_get_low;
++    semanage_port_get_proto;
++    semanage_port_get_proto_str;
++    semanage_port_iterate;
++    semanage_port_iterate_local;
++    semanage_port_key_create;
++    semanage_port_key_extract;
++    semanage_port_key_free;
++    semanage_port_list;
++    semanage_port_list_local;
++    semanage_port_modify_local;
++    semanage_port_query;
++    semanage_port_query_local;
++    semanage_port_set_con;
++    semanage_port_set_port;
++    semanage_port_set_proto;
++    semanage_port_set_range;
++    semanage_reload_policy;
++    semanage_root;
++    semanage_select_store;
++    semanage_set_check_contexts;
++    semanage_set_create_store;
++    semanage_set_default_priority;
++    semanage_set_disable_dontaudit;
++    semanage_set_ignore_module_cache;
++    semanage_set_preserve_tunables;
++    semanage_set_rebuild;
++    semanage_set_reload;
++    semanage_set_root;
++    semanage_set_store_root;
++    semanage_seuser_clone;
++    semanage_seuser_compare;
++    semanage_seuser_compare2;
++    semanage_seuser_count;
++    semanage_seuser_count_local;
++    semanage_seuser_create;
++    semanage_seuser_del_local;
++    semanage_seuser_exists;
++    semanage_seuser_exists_local;
++    semanage_seuser_free;
++    semanage_seuser_get_mlsrange;
++    semanage_seuser_get_name;
++    semanage_seuser_get_sename;
++    semanage_seuser_iterate;
++    semanage_seuser_iterate_local;
++    semanage_seuser_key_create;
++    semanage_seuser_key_extract;
++    semanage_seuser_key_free;
++    semanage_seuser_list;
++    semanage_seuser_list_local;
++    semanage_seuser_modify_local;
++    semanage_seuser_query;
++    semanage_seuser_query_local;
++    semanage_seuser_set_mlsrange;
++    semanage_seuser_set_name;
++    semanage_seuser_set_sename;
++    semanage_user_add_role;
++    semanage_user_clone;
++    semanage_user_compare;
++    semanage_user_compare2;
++    semanage_user_count;
++    semanage_user_count_local;
++    semanage_user_create;
++    semanage_user_del_local;
++    semanage_user_del_role;
++    semanage_user_exists;
++    semanage_user_exists_local;
++    semanage_user_free;
++    semanage_user_get_mlslevel;
++    semanage_user_get_mlsrange;
++    semanage_user_get_name;
++    semanage_user_get_num_roles;
++    semanage_user_get_prefix;
++    semanage_user_get_roles;
++    semanage_user_has_role;
++    semanage_user_iterate;
++    semanage_user_iterate_local;
++    semanage_user_key_create;
++    semanage_user_key_extract;
++    semanage_user_key_free;
++    semanage_user_list;
++    semanage_user_list_local;
++    semanage_user_modify_local;
++    semanage_user_query;
++    semanage_user_query_local;
++    semanage_user_set_mlslevel;
++    semanage_user_set_mlsrange;
++    semanage_user_set_name;
++    semanage_user_set_prefix;
++    semanage_user_set_roles;
+   local: *;
+ };
+ 
diff --git a/libsemanage.changes b/libsemanage.changes
index fdc8608..36fce4c 100644
--- a/libsemanage.changes
+++ b/libsemanage.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Fix build with LTO: [bsc#1133102]
+  * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
+  * Update map file to include new symbols and remove wildcards
+- Add libsemanage-update-map-file.patch
+
 -------------------------------------------------------------------
 Thu Jun  4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/libsemanage.spec b/libsemanage.spec
index eabc72b..cb56a99 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -26,6 +26,8 @@ URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
 Source:         https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz
 Source1:        baselibs.conf
 Source2:        semanage.conf
+# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
+Patch0:         libsemanage-update-map-file.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  fdupes
@@ -90,14 +92,14 @@ stores must be migrated before any commands that modify or use the store
 
 %prep
 %setup -q
+%patch0 -p2
 # Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
 grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
 
 %build
-%define _lto_cflags %{nil}
 make %{?_smp_mflags} clean
-make -j1 CFLAGS="%{optflags}" CC="gcc"
-make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
+make -j1 CFLAGS="%{optflags} -ffat-lto-objects" CC="gcc"
+make -j1 CFLAGS="%{optflags} -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
 
 %install
 mkdir -p %{buildroot}/%{_lib}
diff --git a/python-semanage.changes b/python-semanage.changes
index ab70035..892ba80 100644
--- a/python-semanage.changes
+++ b/python-semanage.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Fix build with LTO: [bsc#1133102]
+  * Enable LTO (Link Time Optimization)
+  * Update map file to include new symbols and remove wildcards
+- Add libsemanage-update-map-file.patch
+
 -------------------------------------------------------------------
 Thu Jun  4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/python-semanage.spec b/python-semanage.spec
index 3f540f8..fac8297 100644
--- a/python-semanage.spec
+++ b/python-semanage.spec
@@ -26,6 +26,8 @@ Group:          Development/Languages/Python
 URL:            https://github.com/SELinuxProject/selinux
 Source:         https://github.com/SELinuxProject/selinux/releases/download/20191204/libsemanage-%{version}.tar.gz
 Source1:        baselibs.conf
+# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
+Patch0:         libsemanage-update-map-file.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  audit-devel
 BuildRequires:  bison
@@ -46,11 +48,11 @@ SELinux policy management applications.
 
 %prep
 %setup -q -n libsemanage-%{version}
+%patch0 -p2
 # Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
 grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
 
 %build
-%define _lto_cflags %{nil}
 make %{?_smp_mflags} clean
 %{python_expand # loop over possible pythons
 make -j1 PYTHON=$python CFLAGS="%{optflags}" swigify