diff --git a/iodine-0.6.0-rc1.tar.gz b/iodine-0.6.0-rc1.tar.gz
deleted file mode 100644
index 6b23837..0000000
--- a/iodine-0.6.0-rc1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dacf950198b68fd1dae09fe980080155b0c75718f581c08e069eee0c1b6c5e60
-size 89827
diff --git a/iodine-0.7.0.tar.gz b/iodine-0.7.0.tar.gz
new file mode 100644
index 0000000..bdefc34
--- /dev/null
+++ b/iodine-0.7.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ad2b40acf1421316ec15800dcde0f587ab31d7d6f891fa8b9967c4ded93c013e
+size 96181
diff --git a/iodine-fix-makefile-prefix.patch b/iodine-fix-makefile-prefix.patch
index 8a9b601..b06d9e0 100644
--- a/iodine-fix-makefile-prefix.patch
+++ b/iodine-fix-makefile-prefix.patch
@@ -2,7 +2,7 @@ diff -Naur a/Makefile b/Makefile
 --- a/Makefile	2009-01-25 15:40:04.000000000 -0600
 +++ b/Makefile	2012-09-06 09:02:31.056193204 -0500
 @@ -1,4 +1,4 @@
--prefix=/usr/local
+-prefix?=/usr/local
 +prefix=$(PREFIX)
  sbindir=$(prefix)/sbin
  datadir=$(prefix)/share
diff --git a/iodine.changes b/iodine.changes
index ffe81b4..d30b6e2 100644
--- a/iodine.changes
+++ b/iodine.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Wed Aug 27 08:34:22 UTC 2014 - wagner-thomas@gmx.at
+
+- separate user for iodined
+- added a default config (bnc#857181) with a chroot directory
+- fixed license string
+- update to 0.7.0
+	- Partial IPv6 support (#107)
+	   Client can connect to iodined through an relaying IPv6
+	   nameserver. Server only supports IPv4 for now.
+	   Traffic inside tunnel is IPv4.
+	- Add socket activation for systemd, by Michael Scherer.
+	- Add automated lookup of external ip (via -n auto).
+	- Bugfix for OS X (Can't assign requested address)
+	- Fix DNS tunneling bug caused by uninitialized variable, #94
+	- Handle spaces when entering password interactively, fixes #93.
+		Patch by Hagar.
+	- Add -R option to set OpenBSD routing domain for the DNS socket.
+		Patch by laurent at gouloum fr, fixes #95.
+	- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
+	- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
+	- A number of minor patches from Frank Denis, Gregor Herrmann and
+		Barak A. Pearlmutter.
+	- Testcase compilation fixes for OS X and FreeBSD
+	- Do not let sockets be inherited by sub-processes, fixes #99.
+	- Add unspecified RR type (called PRIVATE; id 65399, in private use
+		range). For servers with RFC3597 support. Fixes #97.
+	- Fix authentication bypass vulnerability; found by Oscar Reparaz.
+
 -------------------------------------------------------------------
 Wed Sep 19 01:16:32 UTC 2012 - malcolmlewis@opensuse.org
 
diff --git a/iodine.spec b/iodine.spec
index 6b4e120..f9c9f18 100644
--- a/iodine.spec
+++ b/iodine.spec
@@ -17,13 +17,13 @@
 #
 
 Name:           iodine
-Version:        0.6.0+rc1
+Version:        0.7.0
 Release:        0
-License:        ISC ; Libpng ; Zlib
+License:        ISC
 Summary:        Tunnel IPv4 data through a DNS server
 Url:            http://code.kryo.se/iodine/
 Group:          Productivity/Networking/System
-Source0:        http://code.kryo.se/iodine/iodine-0.6.0-rc1.tar.gz
+Source0:        http://code.kryo.se/iodine/iodine-%{version}.tar.gz
 Source1:        iodine.service
 Source2:        sysconfig.iodine
 Source3:        iodined.service
@@ -33,6 +33,7 @@ Patch0:         iodine-fix-makefile-prefix.patch
 BuildRequires:  systemd
 BuildRequires:  zlib-devel
 Requires(pre):  %fillup_prereq
+PreReq:         /usr/sbin/useradd
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -41,7 +42,7 @@ in different situations where internet access is firewalled, but DNS
 queries are allowed.
 
 %prep
-%setup -q -n %{name}-0.6.0-rc1
+%setup -q -n %{name}-%{version}
 %patch0 -p1
 
 %build
@@ -61,10 +62,14 @@ install -m 0644 %{S:4} %{buildroot}%{_localstatedir}/adm/fillup-templates/
 pushd %{buildroot}%{_mandir}/man8/
 cp %{name}.8 %{name}d.8
 popd
+# make chroot dir
+mkdir -p %{buildroot}/var/lib/iodined
 
 %pre
 %service_add_pre iodine.service
 %service_add_pre iodined.service
+/usr/sbin/useradd -r -d /var/lib/iodined -s /bin/false -c "user for iodine dns tunnel" -g nobody iodined 2> /dev/null || :
+
 
 %post
 %service_add_post iodine.service
@@ -92,5 +97,6 @@ popd
 %{_unitdir}/iodined.service
 %{_mandir}/man8/%{name}.8%{?ext_man}
 %{_mandir}/man8/%{name}d.8%{?ext_man}
+%attr(0700,iodined,nobody)/var/lib/iodined
 
 %changelog
diff --git a/sysconfig.iodine b/sysconfig.iodine
index 335ca03..3782071 100644
--- a/sysconfig.iodine
+++ b/sysconfig.iodine
@@ -18,4 +18,4 @@ IODINE_PASS=""
 # Additional parameters for iodine, see the iodine man page for more options.
 # Example option -P PASSWORD NAMESERVER DOMAIN
 #
-IODINE_OPTIONS=""
\ No newline at end of file
+IODINE_OPTIONS="-u iodine"
diff --git a/sysconfig.iodined b/sysconfig.iodined
index f58f480..5c5452c 100644
--- a/sysconfig.iodined
+++ b/sysconfig.iodined
@@ -10,7 +10,7 @@
 #
 # You may provide a password in two ways, via IODINED_PASS, or provide it in IODINED_OPTIONS
 #
-IODINED_PASS=""
+IODINED_PASS="-P mypass"
 
 ## Type:        string
 ## Default:     ""
@@ -18,4 +18,4 @@ IODINED_PASS=""
 # Additional parameters for iodined, see the iodined man page for more options.
 # Example option -P PASSWORD NAMESERVER DOMAIN
 #
-IODINED_OPTIONS=""
\ No newline at end of file
+IODINED_OPTIONS="-u iodined -c -t /var/lib/iodined -f 10.53.0.1/24 myhost.domain.lan"