diff --git a/0001-Use-SHA-2-instead-of-SHA-1.patch b/0001-Use-SHA-2-instead-of-SHA-1.patch
index 1ab5f13..fcd15a6 100644
--- a/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0001-Use-SHA-2-instead-of-SHA-1.patch
@@ -1,4 +1,4 @@
-From ff417d9a70e6d6ee40176b184ea7b67ee3f2355b Mon Sep 17 00:00:00 2001
+From 04f73fee2892753b3e81923d2ac3d338acfdbc4c Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
@@ -10,7 +10,7 @@ The use of SHA-1 in RHEL9 is deprecated
  libselinux/include/selinux/restorecon.h       |   4 +-
  libselinux/man/man3/selabel_digest.3          |   4 +-
  libselinux/man/man3/selabel_open.3            |   2 +-
- libselinux/man/man3/selinux_restorecon.3      |  16 +-
+ libselinux/man/man3/selinux_restorecon.3      |  18 +-
  .../man/man3/selinux_restorecon_xattr.3       |   2 +-
  libselinux/src/Makefile                       |   2 +-
  libselinux/src/label_file.c                   |  40 +--
@@ -23,7 +23,7 @@ The use of SHA-1 in RHEL9 is deprecated
  libselinux/src/sha256.h                       |  89 ++++++
  libselinux/utils/selabel_digest.c             |  26 +-
  .../selabel_get_digests_all_partial_matches.c |  28 +-
- 17 files changed, 470 insertions(+), 392 deletions(-)
+ 17 files changed, 471 insertions(+), 393 deletions(-)
  delete mode 100644 libselinux/src/sha1.c
  delete mode 100644 libselinux/src/sha1.h
  create mode 100644 libselinux/src/sha256.c
@@ -97,7 +97,7 @@ index 0e03e1be111e..14ab888d2e03 100644
  .BR selabel_digest (3)
  .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index 218aaf6d2ae5..c74189c0852d 100644
+index 218aaf6d2ae5..5f6d4b386429 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
 @@ -36,7 +36,7 @@ If this is a directory and the
@@ -138,7 +138,13 @@ index 218aaf6d2ae5..c74189c0852d 100644
  extended attribute as described in the
  .B NOTES
  section.
-@@ -184,7 +184,7 @@ walk, the specfile entries SHA1 digest will not have been written to the
+@@ -179,12 +179,12 @@ for fetching the ignored (skipped) error count after
+ or
+ .BR selinux_restorecon_parallel (3)
+ completes with success. In case any errors were skipped during the file tree
+-walk, the specfile entries SHA1 digest will not have been written to the
++walk, the specfile entries SHA256 digest will not have been written to the
+ .IR security.sehash
  extended attribute.
  .RE
  .sp
diff --git a/libselinux.spec b/libselinux.spec
index 7cf0a50..026015f 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz
@@ -214,6 +214,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so
 
 %changelog
+* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
+- Drop SHA-1 from selinux_restorecon.3
+
 * Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
 - Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"