shadowsocks-libev-3.3.5-bp155.3.13

- Set permissions as 640 for /etc/shadowsocks (boo#1216372)

- Fix boo#1216372 and boo#1216373, run systemd service as a dedicated user and group

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * shadowsocks-libev-client.service
  * shadowsocks-libev-client@.service
  * shadowsocks-libev-manager.service
  * shadowsocks-libev-nat.service
  * shadowsocks-libev-nat@.service
  * shadowsocks-libev-redir.service
  * shadowsocks-libev-redir@.service
  * shadowsocks-libev-server.service
  * shadowsocks-libev-server@.service
  * shadowsocks-libev-tunnel.service
  * shadowsocks-libev-tunnel@.service

- Update version to 3.3.5
  * Remove the SNI proxy function.
  * Minor bug fixes. (#2581, #2582, #2590, #2595, #2599,
    [#2600], #2620, #2687, #2692)

- Fix shadowsocks-libev-tunnel.service
- Add some systemd profiles

- Revert back to the distro default compiler (i.e. GCC 10.1 on TW):
  + export CFLAGS+="-fcommon" until upstream makes this code
    compatible to GCC10.

- Update Recommends tag: use shadowsocks-v2ray-plugin instead of simple-obfs
- Fix build on Tumbleweed: don't use gcc10!

- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.

- Update version to 3.3.4
  * Minor bug fixes. (#2539, #2565, #2566, #2577)

- Update version to 3.3.3
  * Refine the handling of suspicious connections.
  * Fix exploitable denial-of-service vulnerability exists in the
    UDPRelay functionality (boo#1158251, CVE-2019-5163)
  * Fix code execution vulnerability in the ss-manager binary
    (boo#1158365, CVE-2019-5164)

- Update version to 3.3.2
  * Refine the handling of fragment request.
  * Minor bug fixes.

- Update version to 3.3.1
  * Fix a high CPU bug introduced in 3.3.0. (#2449)
  * Fix MinGW build. (#2438)
  * Minor bug fixes. (#2402, #2412, #2427, #2443)

- Update version to 3.3.0
  * Enlarge the socket buffer size to 16KB.
  * Fix the empty list bug in ss-manager.
  * Fix the IPv6 address parser.

- Update version to 3.2.5
  * Fix a bug of port parser.

- Fix postun.

- Update version to 3.2.4
  * Fix a crash with MinGW.
  * Refine SIP003 plugin interface.
  * Remove connection timeout from all clients.

- Update version to 3.2.3
  * Fix the alignment bug again.

- Update version to 3.2.2
  * Fix a bug on 32-bit arch.
- Changes in version 3.2.1
  * Add TCP fast open support to ss-tunnel by @PantherJohn.
  * Fix several security issues.

- Update version to 3.2.0
  * Add MinGW support by @linusyang
  * Refine c-ares integration by @xnoreq.
  * Fix building issues with GCC8 by @FlyingheartCN.
  * Minor bug fixes.

- Update version to 3.1.3
  * Fix a bug in UDP relay.

- Instad of removing static libs after the fact, do not even build
  them in the first place.
- Fix RPM groups and spelling errors in the description.

- Update to 3.1.2
  * Fix a bug in DNS resolver.
  * Add new TFO API support.
- Drop fix-Command-Execution-in-ss-manager.patch. Merged by upstream.

- Add fix-Command-Execution-in-ss-manager.patch
  * Fix boo#1065619 and CVE-2017-15924

- Fix Request tag.

- Update to 3.1.0
  * Replace libudns with libc-ares.
- Merge libbloom, libcork and libipset.

- Update to 3.0.8
  * Refine the ping-pong bloom filter.
  * Minor bug fixes by @vfreex, @vlolteanu and @jackyyf.

- Set simple-obfs by Recommends.

- Set simple-obfs by Recommends.

- Update to 3.0.5
  * Drop dependencies of OpenSSL and PolarSSL.
  * Deprecate OTA (One-Time-Auth).
  * Add new ciphers for SIP004: aes-128-gcm, aes-192-gcm, aes-256-gcm,
    chacha20-poly1305 and chacha20-ietf-poly1305.
  * Refine SIP003 to support standalone mode of obfsproxy.
  * Fix a crashe when using stream ciphers.
  * Fix a protocol bug in AEAD ciphers. (SIP004)
  * Allow setting keys directly. (SIP006)
  * Add session key for AEAD. (SIP007)
  * Replace nonce cache with a ping-pong bloom filter.
  * Add CMake files by @wenerme.
  * Support TCP Fast Open in ss-redir by @lqs.
  * Support TOS/DESCP in ss-redir by @sduponch.
  * Refine MPTCP by @sduponch.
  * Fix a bug of TCP Fast Open in ss-redir.

- Use a single call to %service_*

- Fix %pre, %post, %preun and %postun.

- Add system scripts for ss-redir, ss-tunnel, ss-manager and ss-nat.
- Split doc package.

- Update to 2.5.6
  * Add outbound ACL for server by @kimw.
  * Refine log format by @kimw.
  * Refine attack detection.
  * Fix a bug of auto blocking mechanism.
  * Fix TCP Fast Open on macOS.
  * Fix a bug of UDP relay mode of ss-local.
  * Refine ACL feature with hostname support.
  * Add HTTP/SNI parser for ss-local/ss-redir.
  * Fix several bugs of the command line interface.
  * Add aes-128/192/256-ctr ciphers.
  * Add option MTU for UDP relay.
  * Add MultiPath TCP support.
- Fix spec for Fedora.

- update to 2.4.8
  * Fix a security bug.
  * Refine memory management.
  * Minor bug fixes.
  * Fix a potential memory leak.
  * Fix some compiler related issues.
  * Fix build issues on OpenWRT.
  * Reduce the latency of redir mode.
  * Update manual pages by @kimw.
  * Enhance UDP relay mode by @wongsyrone.
  * Add ss-nat, a helper script to set up NAT rules for ss-redir,
    from @aa65535.
  * Fix several issues for debian package by @rogers0.
  * Update manual pages with asciidoc by @anonymous-contributor.
  * Fix issues of bind_address option by @tim-le.

- Update to 2.4.0
  * Refine the one-time authentication.
- Changes of 2.3.3 and 2.3.2
  * Minor bug fixes.
- Changes of 2.3.1
  * Fix an issue of connection cache of UDP relay.
  * Add support of one time authentication for header verification.

- update version 2.3.0
  * add manager mode to support multi-user and traffic stat
- changes in 2.2.3
  * Fix some issues for multi-destination UDP relay

- update version 2.2.2
  * fix the timer of UDP relay

- update version 2.2.1
  * fix an issue of UDF relay.
- changes in 2.2.0
  * add TPROXY support for redir mode.

- systemd service:
  * restart on failure instead of abort
  * enable tcp fast open