diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes
index 4664629..fb42809 100644
--- a/libunbound-devel-mini.changes
+++ b/libunbound-devel-mini.changes
@@ -1,3 +1,92 @@
+-------------------------------------------------------------------
+Mon Sep  4 16:17:44 UTC 2017 - michael@stroeder.com
+
+- update to 1.6.6
+
+Features:
+- unbound-control dump_infra prints port number for address if not 53.
+- Fix #1344: RFC6761-reserved domains: test. and invalid.
+- Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor).
+  With the -p option unbound does not create a pidfile.
+- Added stats for queries that have been ratelimited by domain
+  recursion.
+- Patch to show DNSCrypt status in help output, from Carsten
+  Strotmann.
+- Fix #1407: Add ECS options check to unbound-checkconf.
+- Fix #1415: [dnscrypt] shared secret cache, patch from
+  Manu Bretelle.
+
+Bug Fixes:
+- fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
+- First fix for zero b64 and hex text zone format in sldns.
+- Better fixup of dnscrypt_cert_chacha test for different escapes.
+- Fix that infra cache host hash does not change after reconfig.
+- Fix python example0 return module wait instead of error for pass.
+- enhancement for hardened-tls for DNS over TLS.  Removed duplicated
+  security settings.
+- Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
+  on.
+- Fix #1331: libunbound segfault in threaded mode when context is
+  deleted.
+- Fix pythonmod link line option flag.
+- Fix openssl 1.1.0 load of ssl error strings from ssl init.
+- Fix 1332: Bump verbosity of failed chown'ing of the control socket.
+- Redirect all localhost names to localhost address for RFC6761.
+- Fix #1350: make cachedb backend configurable (from JINMEI Tatuya).
+- Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
+- upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
+  config.sub(2016-09-05).
+- annotate case statement fallthrough for gcc 7.1.1.
+- flex output from flex 2.6.1.
+- snprintf of thread number does not warn about truncated string.
+- squelch TCP fast open error on FreeBSD when kernel has it disabled,
+  unless verbosity is high.
+- remove warning from windows compile.
+- Fix compile with libnettle
+- Fix DSA configure switch (--disable dsa) for libnettle and libnss.
+- Fix #1365: Add Ed25519 support using libnettle.
+- Fix #1394: mix of serve-expired and response-ip could cause a crash.
+- Remove unused iter_env member (ip6arpa_dname)
+- Do not reset rrset.bogus stats when called using stats_noreset.
+- Do not add rrset_bogus and query ratelimiting stats per thread, these
+  module stats are global.
+- Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
+- Fix #1398: make cachedb secret configurable.
+- Remove spaces from Makefile.
+- Fix issue on macOX 10.10 where TCP fast open is detected but not
+  implemented causing TCP to fail. The fix allows fallback to regular
+  TCP in this case and is also more robust for cases where connectx()
+  fails for some reason.
+- Fix #1402: squelch invalid argument error for fd_set_block on windows.
+- Fix to reclaim tcp handler when it is closed due to dnscrypt buffer
+  allocation failure.
+- Fix #1415: patch to free dnscrypt environment on reload.
+- iana portlist update
+- Small fixes for the shared secret cache patch.
+- Fix WKS records on kvm autobuild host, with default protobyname
+  entries for udp and tcp.
+- Fix #1414: fix segfault on parse failure and log_replies.
+- zero qinfo in handle_request, this zeroes local_alias and also the
+  qname member.
+- new keys and certs for dnscrypt tests.
+- fixup WKS test on buildhost without servicebyname.
+- updated contrib/fastrpz.patch to apply with configparser changes.
+- Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
+- Fix #1424: cachedb:testframe is not thread safe.
+- Fix #1417: [dnscrypt] shared secret cache counters, and works when
+  dnscrypt is not enabled.  And cache size configuration option.
+- Fix #1418: [ip ratelimit] initialize slabhash using
+  ip-ratelimit-slabs.
+- Recommend 1472 buffer size in unbound.conf
+
+-------------------------------------------------------------------
+Mon Aug 21 10:38:49 UTC 2017 - michael@stroeder.com
+
+- update to 1.6.5
+  * Fix install of trust anchor when two anchors are present, makes both
+    valid.  Checks hash of DS but not signature of new key.  This fixes
+    installs between sep11 and oct11 2017.
+
 -------------------------------------------------------------------
 Tue Aug  8 19:02:38 UTC 2017 - jengelh@inai.de
 
diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec
index 3fee9a2..6f800c3 100644
--- a/libunbound-devel-mini.spec
+++ b/libunbound-devel-mini.spec
@@ -24,7 +24,7 @@
 
 #
 Name:           libunbound-devel-mini
-Version:        1.6.4
+Version:        1.6.6
 Release:        0
 #
 #
diff --git a/unbound-1.6.4.tar.gz b/unbound-1.6.4.tar.gz
deleted file mode 100644
index da0a4a1..0000000
--- a/unbound-1.6.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed
-size 5477897
diff --git a/unbound-1.6.6.tar.gz b/unbound-1.6.6.tar.gz
new file mode 100644
index 0000000..bb67625
--- /dev/null
+++ b/unbound-1.6.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:972b14dc33093e672652a7b2b5f159bab2198b0fe9c9e1c5707e1895d4d4b390
+size 5460482
diff --git a/unbound.changes b/unbound.changes
index 4664629..fb42809 100644
--- a/unbound.changes
+++ b/unbound.changes
@@ -1,3 +1,92 @@
+-------------------------------------------------------------------
+Mon Sep  4 16:17:44 UTC 2017 - michael@stroeder.com
+
+- update to 1.6.6
+
+Features:
+- unbound-control dump_infra prints port number for address if not 53.
+- Fix #1344: RFC6761-reserved domains: test. and invalid.
+- Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor).
+  With the -p option unbound does not create a pidfile.
+- Added stats for queries that have been ratelimited by domain
+  recursion.
+- Patch to show DNSCrypt status in help output, from Carsten
+  Strotmann.
+- Fix #1407: Add ECS options check to unbound-checkconf.
+- Fix #1415: [dnscrypt] shared secret cache, patch from
+  Manu Bretelle.
+
+Bug Fixes:
+- fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
+- First fix for zero b64 and hex text zone format in sldns.
+- Better fixup of dnscrypt_cert_chacha test for different escapes.
+- Fix that infra cache host hash does not change after reconfig.
+- Fix python example0 return module wait instead of error for pass.
+- enhancement for hardened-tls for DNS over TLS.  Removed duplicated
+  security settings.
+- Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
+  on.
+- Fix #1331: libunbound segfault in threaded mode when context is
+  deleted.
+- Fix pythonmod link line option flag.
+- Fix openssl 1.1.0 load of ssl error strings from ssl init.
+- Fix 1332: Bump verbosity of failed chown'ing of the control socket.
+- Redirect all localhost names to localhost address for RFC6761.
+- Fix #1350: make cachedb backend configurable (from JINMEI Tatuya).
+- Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
+- upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
+  config.sub(2016-09-05).
+- annotate case statement fallthrough for gcc 7.1.1.
+- flex output from flex 2.6.1.
+- snprintf of thread number does not warn about truncated string.
+- squelch TCP fast open error on FreeBSD when kernel has it disabled,
+  unless verbosity is high.
+- remove warning from windows compile.
+- Fix compile with libnettle
+- Fix DSA configure switch (--disable dsa) for libnettle and libnss.
+- Fix #1365: Add Ed25519 support using libnettle.
+- Fix #1394: mix of serve-expired and response-ip could cause a crash.
+- Remove unused iter_env member (ip6arpa_dname)
+- Do not reset rrset.bogus stats when called using stats_noreset.
+- Do not add rrset_bogus and query ratelimiting stats per thread, these
+  module stats are global.
+- Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
+- Fix #1398: make cachedb secret configurable.
+- Remove spaces from Makefile.
+- Fix issue on macOX 10.10 where TCP fast open is detected but not
+  implemented causing TCP to fail. The fix allows fallback to regular
+  TCP in this case and is also more robust for cases where connectx()
+  fails for some reason.
+- Fix #1402: squelch invalid argument error for fd_set_block on windows.
+- Fix to reclaim tcp handler when it is closed due to dnscrypt buffer
+  allocation failure.
+- Fix #1415: patch to free dnscrypt environment on reload.
+- iana portlist update
+- Small fixes for the shared secret cache patch.
+- Fix WKS records on kvm autobuild host, with default protobyname
+  entries for udp and tcp.
+- Fix #1414: fix segfault on parse failure and log_replies.
+- zero qinfo in handle_request, this zeroes local_alias and also the
+  qname member.
+- new keys and certs for dnscrypt tests.
+- fixup WKS test on buildhost without servicebyname.
+- updated contrib/fastrpz.patch to apply with configparser changes.
+- Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
+- Fix #1424: cachedb:testframe is not thread safe.
+- Fix #1417: [dnscrypt] shared secret cache counters, and works when
+  dnscrypt is not enabled.  And cache size configuration option.
+- Fix #1418: [ip ratelimit] initialize slabhash using
+  ip-ratelimit-slabs.
+- Recommend 1472 buffer size in unbound.conf
+
+-------------------------------------------------------------------
+Mon Aug 21 10:38:49 UTC 2017 - michael@stroeder.com
+
+- update to 1.6.5
+  * Fix install of trust anchor when two anchors are present, makes both
+    valid.  Checks hash of DS but not signature of new key.  This fixes
+    installs between sep11 and oct11 2017.
+
 -------------------------------------------------------------------
 Tue Aug  8 19:02:38 UTC 2017 - jengelh@inai.de
 
diff --git a/unbound.spec b/unbound.spec
index d729fc4..bb07b03 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -53,7 +53,7 @@
 %endif
 
 Name:           unbound
-Version:        1.6.4
+Version:        1.6.6
 Release:        0
 #
 #