diff --git a/0001-curl-7.65.3-negotiate-fails.patch b/0001-curl-7.65.3-negotiate-fails.patch
deleted file mode 100644
index 9cfae77..0000000
--- a/0001-curl-7.65.3-negotiate-fails.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From 90f7ca7bec18b49bf2706430aa6493eda7d7a573 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 30 Jul 2019 12:59:35 +0200
-Subject: [PATCH] http_negotiate: improve handling of gss_init_sec_context()
- failures
-
-If HTTPAUTH_GSSNEGOTIATE was used for a POST request and
-gss_init_sec_context() failed, the POST request was sent
-with empty body.  This commit also restores the original
-behavior of `curl --fail --negotiate`, which was changed
-by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59.
-
-Add regression tests 2077 and 2078 to cover this.
-
-Fixes #3992
-Closes #4171
-
-Upstream-commit: 4c187043c5aac57f354ebb96cc6ff3263411e98d
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/http_negotiate.c    |  2 +-
- tests/data/Makefile.inc |  3 ++-
- tests/data/test2077     | 42 ++++++++++++++++++++++++++++++++
- tests/data/test2078     | 54 +++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 99 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test2077
- create mode 100644 tests/data/test2078
-
-diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
-index c8f406444..fe15dcefb 100644
---- a/lib/http_negotiate.c
-+++ b/lib/http_negotiate.c
-@@ -151,7 +151,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
-       if(result == CURLE_LOGIN_DENIED) {
-         /* negotiate auth failed, let's continue unauthenticated to stay
-          * compatible with the behavior before curl-7_64_0-158-g6c6035532 */
--        conn->data->state.authproblem = TRUE;
-+        authp->done = TRUE;
-         return CURLE_OK;
-       }
-       else if(result)
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 693e53d7c..3ed4a03e4 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -199,7 +199,8 @@ test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
- test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
- test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
- test2064 test2065 test2066 test2067 test2068 test2069 \
--         test2071 test2072 test2073 test2074 test2075 test2076 \
-+         test2071 test2072 test2073 test2074 test2075 test2076 test2077 \
-+test2078 \
- test2080 \
- test2100 \
- \
-diff --git a/tests/data/test2077 b/tests/data/test2077
-new file mode 100644
-index 000000000..0c600f5c3
---- /dev/null
-+++ b/tests/data/test2077
-@@ -0,0 +1,42 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+GSS-API
-+</keywords>
-+</info>
-+
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK swsclose
-+Content-Length: 23
-+
-+This IS the real page!
-+</data>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+<features>
-+GSS-API
-+</features>
-+<name>
-+curl --fail --negotiate to unauthenticated service fails
-+</name>
-+<command>
-+http://%HOSTIP:%HTTPPORT/2077 -u : --fail --negotiate
-+</command>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+<errorcode>
-+0
-+</errorcode>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test2078 b/tests/data/test2078
-new file mode 100644
-index 000000000..99bc2dbee
---- /dev/null
-+++ b/tests/data/test2078
-@@ -0,0 +1,54 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+GSS-API
-+</keywords>
-+</info>
-+
-+# Server-side
-+<reply>
-+<data>
-+HTTP/1.1 200 OK swsclose
-+Content-Length: 23
-+
-+This IS the real page!
-+</data>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+<features>
-+GSS-API
-+</features>
-+<name>
-+curl --negotiate should not send empty POST request only
-+</name>
-+<command>
-+http://%HOSTIP:%HTTPPORT/2078 -u : --negotiate --data name=value
-+</command>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+<errorcode>
-+0
-+</errorcode>
-+<strip>
-+^User-Agent:.*
-+</strip>
-+<protocol nonewline="yes">
-+POST /2078 HTTP/1.1
-+Host: 127.0.0.1:8990
-+Accept: */*
-+Content-Length: 10
-+Content-Type: application/x-www-form-urlencoded
-+
-+name=value
-+</protocol>
-+</verify>
-+</testcase>
--- 
-2.20.1
-
diff --git a/0002-curl-7.65.3-h2-framing-layer-error.patch b/0002-curl-7.65.3-h2-framing-layer-error.patch
deleted file mode 100644
index 24db142..0000000
--- a/0002-curl-7.65.3-h2-framing-layer-error.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 98d59387c749256c2421b22dc3419b94d381986a Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 26 Aug 2019 16:00:05 +0200
-Subject: [PATCH] http2: when marked for closure and wanted to close == OK
-
-It could otherwise return an error even when closed correctly if GOAWAY
-had been received previously.
-
-Reported-by: Tom van der Woerdt
-Fixes #4267
-Closes #4268
-
-Upstream-commit: c1b6a384f9c8a91197c20adb49d43f30dc0e917d
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/http2.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/lib/http2.c b/lib/http2.c
-index 930e85165..31d2d698a 100644
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -1566,6 +1566,11 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
-   if(should_close_session(httpc)) {
-     H2BUGF(infof(data,
-                  "http2_recv: nothing to do in this session\n"));
-+    if(conn->bits.close) {
-+      /* already marked for closure, return OK and we're done */
-+      *err = CURLE_OK;
-+      return 0;
-+    }
-     *err = CURLE_HTTP2;
-     return -1;
-   }
--- 
-2.20.1
-
diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch
index 4f7991b..affe9f0 100644
--- a/0102-curl-7.36.0-debug.patch
+++ b/0102-curl-7.36.0-debug.patch
@@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -16288,18 +16288,11 @@ $as_echo "yes" >&6; }
+@@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
diff --git a/curl-7.65.3.tar.xz.asc b/curl-7.65.3.tar.xz.asc
deleted file mode 100644
index 1671b07..0000000
--- a/curl-7.65.3.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl0xj7oACgkQXMkI/bce
-EsKYbgf9G41o5x73tc+2TOGt2QmJ7ukyHmd5Vq7XTSNdNU5dJ41Z3qh9Jm72x62i
-b4kJMjWyoL2j031ml5JevycpMpNa1v784UlPW2tzzL2B7v6vcA4xknJRLWlPlcTJ
-HOgub6r7g/zhOpdAeJh8o4jkBLUyN+S/HOyHLWcvdWDnhqUAmpZfIqtd8kjqzDul
-XAkdj7MxWqKZ3wXWwlpp4j81jpfOj7KCC/ZpxlJ0KfefgYEzV23O2hcJzw57jqTy
-SQZc39uTQOjbZPlBXJD55QeVISCwe53pn55aWQll90XfE3XRapuYZdiL8wLwtl/L
-tjugTKjfoy9qqOGH5YB/4kHqoSJqow==
-=Itbi
------END PGP SIGNATURE-----
diff --git a/curl-7.66.0.tar.xz.asc b/curl-7.66.0.tar.xz.asc
new file mode 100644
index 0000000..83e8258
--- /dev/null
+++ b/curl-7.66.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl14i4AACgkQXMkI/bce
+EsJwgwf/WauX31s687pdOgpPE4ymPuxIrdVl+NovWdOBdQQfIA0c/4lu4onJYPAT
+K6wq86me5y8fj/Q3ymqQ3H1EcJE2vTHPx/w+zEHNsEILtBMFHdm84CJzhdLlI1GC
+9iBkjVKk/2s0tBOdC3HuskYLY2y02dHACvTvDJjx42nK4IbsdjoamVdMa7vep1TG
+abmLRNHkOHKjioYWi0N04c5H5YDpdWOOjFY+EPO+m+YQuJlYkgw90nlmOaqiLcHL
+3zGCMNXb209wxuNEVKenlhPQ/3FQZ9+8a4b6mMqBX7PDwhDiZLhqIJgVseWdw1r0
+Qm2suW4eUtlC2DTqTMtusG7EMN8pag==
+=pFLb
+-----END PGP SIGNATURE-----
diff --git a/curl.spec b/curl.spec
index 54654c4..7d8f9f8 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,16 +1,10 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.65.3
-Release: 4%{?dist}
+Version: 7.66.0
+Release: 1%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
-# improve handling of gss_init_sec_context() failures
-Patch1:   0001-curl-7.65.3-negotiate-fails.patch
-
-# avoid reporting spurious error in the HTTP2 framing layer (#1690971)
-Patch2:   0002-curl-7.65.3-h2-framing-layer-error.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -177,8 +171,6 @@ be installed.
 %setup -q
 
 # upstream patches
-%patch1 -p1
-%patch2 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -354,6 +346,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2019-5481 - double free due to subsequent call of realloc()
+    CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
+
 * Tue Aug 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-4
 - avoid reporting spurious error in the HTTP2 framing layer (#1690971)
 
diff --git a/sources b/sources
index e0d70dd..aea53b9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (curl-7.65.3.tar.xz) = fc4f041d3d6682378ce9eef2c6081e6ad83bb2502ea4c992c760266584c09e9ebca7c6d35958bd32a888702d9308cbce7aef69c431f97994107d7ff6b953941b
+SHA512 (curl-7.66.0.tar.xz) = 81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35