Document known/corrected problems.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/changelog.txt

@@ -1,3 +1,7 @@
+Changes in Shorewall 4.4.12.3
+
+1)  Correct SAME
+
 Changes in Shorewall 4.4.12.2
 
 1)  Add tweak to 4.4.12.1 optimization fix.

Shorewall/known_problems.txt

@@ -35,3 +35,18 @@
     generate valid but incorrect iptables (ip6tables) input.
 
     Corrected in Shorewall 4.4.12.2 -- these rules are now disallowed.
+
+9)  When a comma-separated list of 'src' and/or 'dst' was specified in
+    an ipset invocation (e.g., "+fooset[src,src]), all but the first 'src'
+    or 'dst' was previously ignored when generating the resulting
+    iptables rule.
+
+    Workaround: If you simply need src,src or dst,dst, you can use the
+    alternative syntax. Instead of +fooset[src,src], use +fooset[2] in
+    the SOURCE column or +fooset[2] in the DEST column.
+
+10) Since Shorewall 4.4.9, the SAME target in tcrules has generated
+    invalid iptables-restore (ip6tables-restore) input.
+
+    Workaround: None Available. Will be corrected in Shorewall 4.4.13.
+

Shorewall/releasenotes.txt

@@ -1,5 +1,5 @@
 ----------------------------------------------------------------------------
-                   S H O R E W A L L  4 . 4 . 1 2 . 2
+                   S H O R E W A L L  4 . 4 . 1 2 . 3
 ----------------------------------------------------------------------------
 
 I.    RELEASE 4.4 HIGHLIGHTS
@@ -224,6 +224,13 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
+4.4.12.3
+
+1)  When a comma-separated list of 'src' and/or 'dst' was specified in
+    an ipset invocation (e.g., "+fooset[src,src]), all but the first 'src'
+    or 'dst' was previously ignored when generating the resulting
+    iptables rule.
+
 4.4.12.2
 
 1)  Earlier releases allowed CONTINUE rules with exclusion. These rules