diff --git a/.gitmodules b/.gitmodules
index 13f8eb0..7b6b686 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "upstream"]
 path = upstream
- url = https://github.com/unicode-org/icu.git
+ url = https://git.sailfishos.org/mirror/icu.git
diff --git a/rpm/0001-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch b/rpm/0001-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
new file mode 100644
index 0000000..cea6c66
--- /dev/null
+++ b/rpm/0001-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
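Review bot: The `url` change in `.gitmodules` moves the ICU source from the upstream GitHub repository to a mirror, and nothing in the change records which upstream release the new `upstream` pin `5f681ecbc75898a6484217b322f3883b6d1b2049` (last hunk of this diff) was checked against. The pinned commit id is what ties the build to specific content once the fetch location is no longer upstream itself. Stating the correspondence in the commit message, for example `upstream: tag <UPSTREAM_TAG> = 5f681ecb`, lets a later reviewer confirm the mirror and upstream agree without redoing the comparison.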
@@ -0,0 +1,121 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+---
+ icu4c/source/common/unistr.cpp | 6 ++-
+ icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
+ icu4c/source/test/intltest/ustrtest.h | 1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
+index 901bb3358b..077b4d6ef2 100644
+--- a/icu4c/source/common/unistr.cpp
++++ b/icu4c/source/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+
+ // Check for append onto ourself
+ const UChar* oldArray = getArrayStart();
+diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp
+index b6515ea813..ad38bdf53a 100644
+--- a/icu4c/source/test/intltest/ustrtest.cpp
++++ b/icu4c/source/test/intltest/ustrtest.cpp
+@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
+ TESTCASE_AUTO(TestWCharPointers);
+ TESTCASE_AUTO(TestNullPointers);
+ TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
++ TESTCASE_AUTO(TestLargeAppend);
+ TESTCASE_AUTO_END;
+ }
+
+@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
+ str.insert(2, sub);
+ assertEquals("", u"abbcdcde", str);
+ }
++
++void UnicodeStringTest::TestLargeAppend() {
++ if(quick) return;
++
++ IcuTestErrorCode status(*this, "TestLargeAppend");
++ // Make a large UnicodeString
++ int32_t len = 0xAFFFFFF;
++ UnicodeString str;
++ char16_t *buf = str.getBuffer(len);
++ // A fast way to set buffer to valid Unicode.
++ // 4E4E is a valid unicode character
++ uprv_memset(buf, 0x4e, len * 2);
++ str.releaseBuffer(len);
++ UnicodeString dest;
++ // Append it 16 times
++ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
++ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
++ int64_t total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++ dest.remove();
++ total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total + len <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else if (total <= INT32_MAX) {
++ // Check that a string of exactly the maximum size works
++ UnicodeString str2;
++ int32_t remain = INT32_MAX - total;
++ char16_t *buf2 = str2.getBuffer(remain);
++ if (buf2 == nullptr) {
++ // if somehow memory allocation fail, return the test
++ return;
++ }
++ uprv_memset(buf2, 0x4e, remain * 2);
++ str2.releaseBuffer(remain);
++ dest.append(str2);
++ total += remain;
++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
++ assertFalse("dest is not bogus", dest.isBogus());
++
++ // Check that a string size+1 goes bogus
++ str2.truncate(1);
++ dest.append(str2);
++ total++;
++ assertTrue("dest should be bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++}
+diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h
+index 218befdcc6..4a356a92c7 100644
+--- a/icu4c/source/test/intltest/ustrtest.h
++++ b/icu4c/source/test/intltest/ustrtest.h
+@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest {
+ void TestWCharPointers();
+ void TestNullPointers();
+ void TestUnicodeStringInsertAppendToSelf();
++ void TestLargeAppend();
+ };
+
+ #endif
+--
+2.25.0
+
diff --git a/rpm/ICU-20246-integer-overflow.patch b/rpm/ICU-20246-integer-overflow.patch
deleted file mode 100644
index 8b54090..0000000
--- a/rpm/ICU-20246-integer-overflow.patch
+++ /dev/null
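Review bot: In the added `TestLargeAppend`, the result of the first `str.getBuffer(len)` goes straight into `uprv_memset(buf, 0x4e, len * 2)` with no null check, while the later `buf2` allocation is checked and makes the test return early. With `len = 0xAFFFFFF` that buffer is large, so if `getBuffer` can return null (as the `buf2` check suggests) a memory-constrained build host would crash in the test instead of skipping it. Adding `if (buf == nullptr) { return; }` after the `getBuffer` call would match the `buf2` handling. This only matters when the suite runs without `quick`, and because the file is a carried upstream patch the change is probably better proposed upstream than edited here. The `doAppend` guard sits before any use of `newLength` in the visible lines; the rest of that function is outside the hunk.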
@@ -1,63 +0,0 @@ -From 53d8c8f3d181d87a6aa925b449b51c4a2c922a51 Mon Sep 17 00:00:00 2001 -From: Shane Carr -Date: Mon, 29 Oct 2018 23:52:44 -0700 -Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing. - -Removed java changes - ---- - icu4c/source/i18n/fmtable.cpp | 2 +- - icu4c/source/i18n/number_decimalquantity.cpp | 5 ++++- - icu4c/source/test/intltest/numfmtst.cpp | 8 ++++++++ - 6 files changed, 31 insertions(+), 4 deletions(-) - -diff --git a/icu4c/source/i18n/fmtable.cpp b/icu4c/source/i18n/fmtable.cpp -index 45c7024fc29..8601d95f4a6 100644 ---- a/icu4c/source/i18n/fmtable.cpp -+++ b/icu4c/source/i18n/fmtable.cpp -@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) { - // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?). - if (fDecimalQuantity->isZero()) { - fDecimalStr->append("0", -1, status); -- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) { -+ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) { - fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status); - } else { - fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status); -diff --git a/icu4c/source/i18n/number_decimalquantity.cpp b/icu4c/source/i18n/number_decimalquantity.cpp -index 47b930a564b..d5dd7ae694c 100644 ---- a/icu4c/source/i18n/number_decimalquantity.cpp -+++ b/icu4c/source/i18n/number_decimalquantity.cpp -@@ -898,7 +898,10 @@ UnicodeString DecimalQuantity::toScientificString() const { - } - result.append(u'E'); - int32_t _scale = upperPos + scale; -- if (_scale < 0) { -+ if (_scale == INT32_MIN) { -+ result.append({u"-2147483648", -1}); -+ return result; -+ } else if (_scale < 0) { - _scale *= -1; - result.append(u'-'); - } else { -diff --git a/icu4c/source/test/intltest/numfmtst.cpp b/icu4c/source/test/intltest/numfmtst.cpp -index 34355939113..8d52dc122bf 100644 ---- 
a/icu4c/source/test/intltest/numfmtst.cpp -+++ b/icu4c/source/test/intltest/numfmtst.cpp -@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_ScientificIntegerOverflow() { - assertEquals(u"Should not overflow and should parse only the first exponent", - u"1E-2147483647", - {sp.data(), sp.length(), US_INV}); -+ -+ // Test edge case overflow of exponent -+ result = Formattable(); -+ nf->parse(u".0003e-2147483644", result, status); -+ sp = result.getDecimalNumber(status); -+ assertEquals(u"Should not overflow", -+ u"3E-2147483648", -+ {sp.data(), sp.length(), US_INV}); - } - - void NumberFormatTest::Test13840_ParseLongStringCrash() { - - diff --git a/rpm/icu.spec b/rpm/icu.spec index 83a3e78..881aefb 100644 --- a/rpm/icu.spec +++ b/rpm/icu.spec @@ -1,30 +1,23 @@ -%define upstream_version 63.1 +%define upstream_version 66.1 Name: icu Version: %{upstream_version} Release: 1 Summary: International Components for Unicode -Group: Development/Tools License: MIT and UCD and Public Domain URL: http://www.icu-project.org/ Source0: %{name}-%{version}.tar.gz -BuildRequires: autoconf, doxygen, fdupes +BuildRequires: autoconf, doxygen, python3-base Requires: lib%{name}%{?_isa} = %{version}-%{release} -Obsoletes: icu52 Patch1: 0001-disable-failing-test.patch -# ICU-20246 - fixed in 63.2, 64.1 -Patch2: ICU-20246-integer-overflow.patch +# CVE-2020-10531 +Patch2: 0001-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch %description Tools and utilities for developing with icu. %package -n lib%{name} Summary: International Components for Unicode - libraries -Group: System Environment/Libraries -Obsoletes: libicu52 -# Older rpm is still dependent on icu52, and will break if this replacement is done before it is upgraded -Conflicts: rpm < 4.14.1+git8 -Requires(pre): rpm >= 4.14.1+git8 %description -n lib%{name} The International Components for Unicode (ICU) libraries provide 
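Review bot: The new comment above `Patch2` gives only `# CVE-2020-10531`, whereas the comment it replaces (`# ICU-20246 - fixed in 63.2, 64.1`) also told the next packager when the patch could be dropped. Recording the upstream ticket and commit from the patch header, for example `# CVE-2020-10531 / ICU-20958, upstream commit b7d08bc04a42; drop once upstream_version contains it`, keeps the security fix from being silently lost at the next rebase. It also avoids a failed `%autosetup` if the patch is already included upstream.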
@@ -40,18 +33,15 @@ customize the supplied services. %package -n lib%{name}-devel Summary: Development files for International Components for Unicode -Group: Development/Libraries Requires: lib%{name}%{?_isa} = %{version}-%{release} Requires: %{name} = %{version}-%{release} Requires: pkgconfig -Obsoletes: libicu52-devel %description -n lib%{name}-devel Includes and definitions for developing with icu. %package -n lib%{name}-doc Summary: Documentation for International Components for Unicode -Group: Documentation BuildArch: noarch %description -n lib%{name}-doc @@ -61,9 +51,7 @@ Documentation and man pages for International Components for Unicode. # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal %prep -%setup -q -n %{name}-%{version}/upstream -%patch1 -p1 -%patch2 -p1 +%autosetup -p1 -n %{name}-%{version}/upstream %build cd icu4c/source @@ -75,17 +63,10 @@ CXXFLAGS='%optflags -fno-strict-aliasing' CPPFLAGS='-DU_IS_BIG_ENDIAN=1' %endif #rhbz856594 do not use --disable-renaming or cope with the mess -#test %configure --with-data-packaging=library --disable-samples --disable-renaming + #rhbz#225896 sed -i 's|-nodefaultlibs -nostdlib||' config/mh-linux -#rhbz#681941 -#sed -i 's|^LIBS =.*|LIBS = -L../lib -licuuc -lpthread -lm|' i18n/Makefile -#sed -i 's|^LIBS =.*|LIBS = -nostdlib -L../lib -licuuc -licui18n -lc -lgcc|' io/Makefile -#sed -i 's|^LIBS =.*|LIBS = -nostdlib -L../lib -licuuc -lc|' layout/Makefile -#sed -i 's|^LIBS =.*|LIBS = -nostdlib -L../lib -licuuc -licule -lc|' layoutex/Makefile -#sed -i 's|^LIBS =.*|LIBS = -nostdlib -L../../lib -licutu -licuuc -lc|' tools/ctestfw/Makefile -#sed -i 's|^LIBS =.*|LIBS = -nostdlib -L../../lib -licui18n -licuuc -lpthread -lc|' tools/toolutil/Makefile #rhbz#813484 #sed -i 's| \$(docfilesdir)/installdox||' Makefile # There is no source/doc/html/search/ directory 
@@ -105,8 +86,6 @@ make %{?_smp_mflags} -C icu4c/source install-doc \ docdir=$RPM_BUILD_ROOT/%{_docdir}/%{name}-%{version} chmod +x $RPM_BUILD_ROOT%{_libdir}/*.so.* -%fdupes $RPM_BUILD_ROOT - %check # test to ensure that -j(X>1) didn't "break" man pages. b.f.u #2357 if grep -q @VERSION@ icu4c/source/tools/*/*.8 icu4c/source/tools/*/*.1 icu4c/source/config/*.1; then diff --git a/upstream b/upstream index 4689545..5f681ec 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit 46895456ad1b6660d17eaeba2c101600ad8d8eb8 +Subproject commit 5f681ecbc75898a6484217b322f3883b6d1b2049