Hi, please bump net-firewall/ipset to v6.25.1 (6.24 is the version currently in tree) which was tagged on 2015-06-25. ChangeLog: 6.25.1 - Kernel part changes - net/netfilter/ipset: work around gcc-4.4.4 initializer bug (Andrew Morton) - Userspace changes - ipset manpage: refer to iptables-extensions - Update userspace header file from the kernel tree - Handle 'extern "C" {' in check_libmap.sh 6.25 - Kernel part changes - Add element count to all set types header - Add element count to hash headers (Eric B Munson) - implement nla_put_in_addr and nla_put_in6_addr (Jiri Benc) - deinline ip_set_put_extensions() (Denys Vlasenko) - Fix error path in mtype_resize() when new hash bucket cannot be allocated - There is no need to call synchronize_rcu() after list_add_rcu() - Fix typo in function name get_phyoutdev_name() - Separate memsize calculation code into dedicated functions (originally from Sergey Popovich) - Split extensions into separate files (originally from Sergey Popovich) - Improve comment extension helpers (originally from Sergey Popovich) - Improve skbinfo get/init helpers (originally from Sergey Popovich) - Headers file cleanup (originally from Sergey Popovich) - Correct rcu_dereference_bh_nfnl() usage (originally from Sergey Popovich) - add helpers for fetching physin/outdev (Florian Westphal) - When a single set is destroyed, make sure it can't be grabbed by dump - In comment extension ip_set_comment_free() is always called in a safe path - Add rcu_barrier() to module removal in the bitmap types too - Fix coding styles reported by the most recent checkpatch.pl - Make sure bitmap:ip,mac detects the proper MAC even when it's overwritten - RCU safe comment extension handling - Make sure the proper is_destroyed value is checked at dumping - Fix broken commit "Check extensions attributes before getting extensions." - Improve preprocessor macros checks (Sergey Popovich) - Fix hashing for ipv6 sets (Sergey Popovich) - Fix ext_*() macros so pointers returned by these macros could be referenced directly (Sergey Popovich) - Check for comment netlink attribute length (Sergey Popovich) - Return bool values instead of int (Sergey Popovich) - Check CIDR value only when attribute is given (Sergey Popovich) - Make sure we always return line number on batch (Sergey Popovich) - Permit CIDR equal to the host address CIDR in IPv6 (Sergey Popovich) - Use HOST_MASK literal to represent host address CIDR len (Sergey Popovich) - Check IPSET_ATTR_PORT only once (Sergey Popovich) - Check extensions attributes before getting extensions (Sergey Popovich) - Use SET_WITH_*() helpers to test set extensions (Sergey Popovich) - Return ipset error instead of bool (Sergey Popovich) - Preprocessor directices cleanup (Sergey Popovich) - No need to make nomatch bitfield (Sergey Popovich) - Make sure bit operations are not reordered - Properly calculate extensions offsets and total length (Sergey Popovich) - Fix cidr handling for hash:*net* types, reported by Jonathan Johnson - fix boolreturn.cocci warnings (Fengguang Wu) - make ip_set_get_ip*_port to use skb_network_offset (Alexander Drozdov) - Make sure listing doesn't grab a set which is just being destroyed. - Missing rcu_read_lock() and _unlock() in mtype_list() fixed - Fix coding styles reported by checkpatch.pl - Use nlmsg_total_size instead of NLMSG_SPACE in ip_set_core.c - There's no need to call synchronize_rcu() with kfree_rcu() - Call rcu_barrier() in module removal path - Call synchronize_rcu() in set type (un)register functions only when needed - Remove an unused macro - Give a better name to a macro in ip_set_core.c - Resolve the STREQ macro to make the code more readable, and use nla_strlcpy where possible - Use MSEC_PER_SEC consistently - Remove unnecessary integer RCU handling and fix other sparse warnings - Fix sparse warning "cast to restricted __be32" - Userspace changes - Add element count to all set types header - Add element count to hash headers (Eric B Munson) - Support linking libipset to C++ programs (reported by Pavel Odintsov) - ipset: propose rewording in manpage (Neutron Soutmun) - More compatibility checking and simplifications to support the 2.6.32 kernel tree - Compatibility: define RCU_INIT_POINTER when __rcu is not defined - Compatibility: check kernel source for list_last_entry (CentOS7, reported by Ricardo Klein) - Make possible to pass extra flags to sparse Reproducible: Always
Latest version is now 6.27. Could you please bump the latest one?
6.29 was released 6 weeks ago: http://ipset.netfilter.org/changelog.html
Created attachment 436340 [details] ipset-6.29.ebuild It's really not difficult to version bump, so why hasn't it?
(In reply to Jon from comment #3) > Created attachment 436340 [details] > ipset-6.29.ebuild > > It's really not difficult to version bump, so why hasn't it? because I hadn't actually tested it until today... commit 484498f47913afcc44e9d3219a457e044eebe8d1