6.12
 - Cleanup generated files by make tidy
 - Add more CC warning option to debug mode
 - Report syntax error messages immediately
 - Suppress false syntax error messages
 - Add configure summary for the ipset userspace tool
 - Add dynamic module support to ipset userspace tool
   (Neutron Soutmun)
 - Move ipset_port_usage() into lib (Neutron Soutmun)
 - Fix invalid assignment to const void pointer (bug reported by Seblu)
 - Remove unused variables (warnings fixed)
 - Fix timeout value overflow bug at large timeout parameters
   (bug reported by Andreas Herz)
 - Improve ipset help text messages (Mr Dash Four)

6.11
 - Support hostnames and service names with dash
 - Exceptions support added to hash:*net* types
 - Log warning when a hash type of set gets full
 - Set types moved into libipset library
 - Library map file added in order to support library versioning
 - doc: Linux 2.6.39 already has the defs (Jan Engelhardt)
 - build: install libipset in the right place (Jan Engelhardt)
 - Provide a pkgconfig file (Jan Engelhardt)
 - build: make distcheck work and use POSIX mode for tarball generation
   (Jan Engelhardt)
 - build: install libipset/linux_ip_set_list.h (Jan Engelhardt)
 - build: include libipset/nfproto.h (Jan Engelhardt)
 - build: process include/libipset/ (Jan Engelhardt)
 - build: use AC_CONFIG_AUX_DIR and stash away tools (Jan Engelhardt)
 - Update .gitignore (Jan Engelhardt)

6.10
 - Tests added to check ICMP/ICMPv6 type/code parsing
 - ICMP/ICMPv6 type/code parser bug fixed (bug reported by Sabitov)
 - ipset: fix lookup of tcp port names (Stephen Hemminger)
 - Optionally disable building the kernel module (Mathieu Bridon)
 - Make tidy complete

6.9
 - build: move ipset_errcode into library (Jan Engelhardt)
 - build: abort autogen on subcommand failure (Jan Engelhardt)
 - ipset: use NFPROTO_ constants (Jan Engelhardt)
 - Propagate "expose userspace-relevant parts in ip_set.h" to ipset source

6.8
 - Update the manpage and document the limits in hash:net,iface.
 - README file corrections from Richard Lucassen

6.7
 - Whitespace and coding fixes, detected by checkpatch.pl
 - hash:net,iface type introduced
 - hash:* tests may seem to fail due to the too wide grep pattern, fix them
 - Remove iptree tests and compatibility element parsing
 - hash:net test may seem to fail due to the too wide grep pattern, fix it
 - Fix long time uncovered bug at adding string attributes to the netlink
   messages
 - Fix warnings reported by valgrind
 - Remove supporting set types iptree and iptreemap

6.6
 - Restore with bitmap:port and list:set types did not work, fixed
 - Accept "\r\n" terminated COMMIT command in restore files
 - Fix the message sequence number book-keeping
 - Protocol-level debugging support added
 - hash:net stress test in range notation added
 - ipset_mnl_query: in debug mode print the errno returned by the cb
   function
 - Accept "\r\n" terminated lines in restore files
 - Remove outdated checking of IPv6 support from configure.ac

6.5
 - Support range for IPv4 at adding/deleting elements for hash:*net* types
 - Disable type revisions which are not supported both by the kernel and
   ipset
 - Update ipset help text to reflect SCTP and UDPLITE support
 - Ignore -n flag (list just setnames) when sets are to be saved

6.4
 - Get rid of the trailing empty line at listing sets
 - Fix XML listing, remove broken unused "elements" tag
 - Support listing setnames and headers too
 - Sorting is dependent on the locale settings, use LC_ALL=C
 - Use unified diff output in tests

6.3
 - Testsuite changes: keep temporary files
 - bitmap:ip,mac type requires "src" for MAC: manpage is updated to reflect
   the change
 - Testsuite checks added (SET target and dir parameter checks)

6.2
 - Manpage update

6.1
 - Manpage was not installed (reported by Mark A. Ziesemer)
 - SCTP, UDPLITE support to the hash:*port* types added

6.0
 - Print protocol version together with ipset version
 - Testsuite compatibility with debugging enabled
 - Allow "new" as a commad alias to "create"
 - ipset: improve command argument parsing (Holger Eitzenberger)
 - ipset: avoid the unnecessary argv[] loop (Holger Eitzenberger)
 - ipset: pass ipset_arg argument pointer (Holger Eitzenberger)
 - Separate ipset errnos completely from system ones and bump protocol
   version
 - Fix the spelling error fix :-) (Ferenc Wagner)
 - Resolving IP addresses did not work at listing/saving sets, fixed
 - ipset: fix spelling error (Holger Eitzenberger)
 - ipset: fix the Netlink sequence number (Holger Eitzenberger)
 - ipset: turn Set name[] into a const pointer (Holger Eitzenberger)
 - Check ICMP and ICMPv6 with the set match and target in the testsuite
 - Avoid possible syntax clashing at saving hostnames

5.3
 - Set the non-debug compiling the default
 - Testsuite fix of ospf replaced with vrrp.
 - Fix build with NDEBUG defined (Holger Eitzenberger)
 - Do session initialization once (Holger Eitzenberger)
 - Make IPv4 and IPv6 address handling similar (Holger Eitzenberger)
 - Show correct line numbers in restore output for parser errors
   (Holger Eitzenberger)
 - Replace ospf with vrrp in the testsuite
 - Remove autogenerated files (Jan Engelhardt)
 - Use only AC_CANONICAL_HOST (Jan Engelhardt)

5.2
 - Handle internal printing errors
 - Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX
   (suggested by Jan Engelhardt)
 - Listing/saving of large sets could produce broken listing, fixed.
 - Support libtool < 2.2

5.1
 - Test cases for IPv6 restore and more complex restore sessions added
 - Restore mode did not work for IPv6, fixed (reported by Elie Rosenblum)
 - libipset: static annotations (Jan Engelhardt)
 - libipset: const annotations (Jan Engelhardt)
 - libipset: remove redundant casts (Jan Engelhardt)
 - libipset: remove redundant indirection via union name (Jan Engelhardt) 
 - libipset: ipset_strncpy is really a strlcpy-type operation
   (Jan Engelhardt)
 - Prevent calling Makefile directly in the kernel/ subdirectory
 - Put back the Sparc specific workaround at getaddrinfo
   (reported by Jan Engelhardt)
 - Check old system kernel header files
 - Check from `configure` that the kernel source is patched with
   netlink.patch
 - Use configure to detect compiler warning flags
 - Try to solve PKG_CHECK_MODULES issue (reported by Rob Sterenborg)
 - Fix incorrect comparison in check_allowed (reported by Jan Engelhardt)

5.0
 - New main branch - ipset completely rewritten

4.2
  - Checking null entries when listing/saving hash types of sets
    deleted because it's unnecessary and can mask possible errors.

4.1
  - Manpage fixes and corrections (Jan Engelhardt)

4.0
  - New protocol is introduced to handle aligment issues properly
    (bug reported by Georg Chini)
  - Binding support is removed

3.1
  - Correct format specifiers and change %i to %d (Jan Engelhardt)

3.0
  - New kernel-userspace protocol release
  - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
  - tests/runtests.sh changed to support old bash shells

2.5.0
  - On parisc architecture cast increases required aligment (bugzilla
    id 582), fixed.
  - Respect LDFLAGS settings at compile time (Peter Volkov).

2.4.8
  - In order to disable the extra warning flags, NO_EXTRA_WARN_FLAGS
    variable added to userspace Makefile

2.4.5
  - Some compiler warning options are too aggressive and
    therefore disabled.

2.4.4
  - Premature checking prevents to add valid elements to hash
    types, fixed (bug reported by JC Janos).
  - Local variable shadows another variable, fixed (reported
    by Jan Engelhardt).
  - More compiler warning options added and warnings fixed.

2.4.3
  - Include file <limits.h> was missing from userspace set type
    modules, reported by Krzysztof Oledzki and Sven Wegener.

2.4.2
  - Only kernel part changes, see kernel/ChangeLog

2.4.1
  - macipmap type reported misleading deprecated separator
    tokens and printed the old one at listing set elements
    (bug reported by Krzysztof Oledzki)
  - Warn only once about deprecated separator tokens in
    restore mode.

2.4
  - Added KBUILD_OUTPUT support (Sven Wegener)
  - Fix memory leak in ipset_iptreemap (Sven Wegener)
  - Fix multiple compiler warnings (Sven Wegener)
  - ipportiphash, ipportnethash and setlist types added
  - binding marked as deprecated functionality
  - element separator token changed to ',' in anticipating
    IPv6 addresses, old separator tokens are still supported
  - unnecessary includes removed
  - ipset does not try to resolve IP addresses when listing
    the content of sets (default changed)
  - manpage updated
  - ChangeLog forked for kernel part

2.3.3a
 - Fix to compile ipset with 2.4.26.x tree statically (bug reported by
   G.W. Haywood)

2.3.3
 - compatibility for the 2.6.x kernel tree improved and compiler warnings
   fixed (Jan Engelhardt)
 - compatibility fixes for the 2.4.36.x kernel tree added

2.3.2
 - including limits.h for UINT_MAX is required with glibc-2.8 (pud)
 - needless cast from and to void pointers cleanups in iptreemap (Sven Wegener)
 - Initial ipset release with kernel modules included.

2.3.1
 - segfault on --unbind :all: :all: fixed (reported by bugzilla,
   report and patch sent by Tom Eastep)
 - User input parameters are sanitized everywhere
 - Initial testsuite added and 'test' target to the Makefile
   added: few bugs discovered and fixed
   - typo in macipmap type prevented to use max size set of this type
   - *map types are made sure to allow and use max size of sets

2.3.0
 - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho
   and others)
 - endiannes bug in iptree type fixed (spotted by Jan Engelhardt)
 - iptreemap type added (submitted by Sven Wegener)  
 - 2.6.22/23 compatibility fixes (Jeremy Jacque)
 - typo fixes in ipset (Neville D)
 - separator changed to ':' from '%' (old one still supported) in ipset

2.2.9a
 - use correct type (socklen_t) for getsockopt (H. Nakano)
 - incorrect return codes fixed (Tomasz Lemiech, Alexey Bortnikov)
 - kernel header dependency removed (asm/bitops.h)
 - ipset now tries to load in the ip_set kernel module if the protocol
   is not available

2.2.9
 - 'ipset -N' did not generate proper return code
 - 'limit' module parameter added to the kernel modules of the
   iphash, ipporthash, nethash and iptree type of sets so that
   the maximal number of elements can now be limited
 - zero valued entries (port 0 or IP address 0.0.0.0) were
   detected as members of the hash/tree kind of sets
   (reported by Andrew Kraslavsky)
 - list and save operations used the external identifier
   of the sets for the bindings instead of the internal one
   (reported by Amin Azez)

2.2.8
 - Nasty off-by-one bug fixed in iptree type of sets
   (bug reported by Pablo Sole)

2.2.7
 All patches were submitted by Jones Desougi
 - missing or confusing error message fixes for ipporthash
 - minor correction in debugging in nethash
 - copy-paste bug in kernel set types at memory allocation
   checking fixed
 - unified memory allocations in ipset

2.2.6
 - memory allocation in iptree is changed to GFP_ATOMIC because
   we hold a lock (bug reported by Radek Hladik)
 - compatibility fix: __nocast is not defined in all 2.6 branches
   (problem reported by Ming-Ching Tiew)
 - manpage corrections

2.2.5
 - garbage collector of iptree type of sets is fixed: flushing
   sets/removing kernel module could corrupt the timer
 - new ipporthash type added
 - manpage fixes and corrections

2.2.4
 - half-fixed memory allocation bug in iphash and nethash finally
   completely fixed (bug reported by Nikolai Malykh)
 - restrictions to enter zero-valued entries into all non-hash type sets
   were removed
 - Too strict check on the set size of ipmap type was corrected 

2.2.3
 - memory allocation bug in iphash and nethash in connection with the SET
   target was fixed (bug reported by Nikolai Malykh)
 - lockhelp.h was removed from the 2.6.13 kernel tree, ip_set.c is
   updated accordingly (Cardoso Didier, Samir Bellabes)
 - manpage is updated to clearly state the command order in restore mode

2.2.2
 - Jiffies rollover bug in ip_set_iptree reported and fixed by Rob Nielsen
 - Compiler warning in the non-SMP case fixed (Marcus Sundberg)
 - slab cache names shrunk in order to be compatible with 2.4.* (Marcus
   Sundberg)

2.2.1
 - Magic number in ip_set_nethash.h was mistyped (bug reported by Rob
   Carlson)
 - ipset can now test IP addresses in nethash type of sets (i.e. addresses
   in netblocks added to the set)

2.2.0
 - Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson)
 - Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford
   Wolf)
 - Safety checkings of restore in ipset was incomplete (Robin H. Johnson)
 - More careful resizing by avoiding locking completely
 - stdin stored internally in a temporary file, so we can feed 'ipset -R'
   from a pipe
 - iptree maptype added

2.1
 - Lock debugging used with debugless lock definiton (Piotr Chytla and
   others).
 - Bindings were not properly filled out at listing (kernel)
 - When listing sets from kernel, id was not added to the set structure
   (ipset)
 - nethash maptype added
 - ipset manpage corrections (macipmap)

2.0.1
 - Missing -fPIC in Makefile (Robert Iakobashvili)
 - Cut'n'paste bug at saving macipmap types (Vincent Bernat).
 - Bug in printing/saving SET targets reported and fixed by Michal
   Pokrywka

2.0
 - Chaining of sets are changed: child sets replaced by bindings
 - Kernel-userspace communication reorganized to minimize the number
   of syscalls
 - Save and restore functionality implemented
 - iphash type reworked: clashing resolved by double-hashing and by
   dynamically growing the set

1.0
 - Renamed to ipset
 - Rewritten to support child pools
 - portmap, iphash pool support added
 - too much other mods here and there to list...