From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 21 Sep 2019 11:22:19 +0000 (+0200)
Subject: 5.3-stable patches
X-Git-Tag: v5.3.2~67
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f2de500c2573c239d5a361dcdefb3172bfcf4e3e;p=thirdparty%2Fkernel%2Fstable-queue.git

5.3-stable patches

added patches:
	netfilter-add-missing-is_enabled-config_nf_tables-check-to-header-file.patch
---

diff --git a/queue-5.3/netfilter-add-missing-is_enabled-config_nf_tables-check-to-header-file.patch b/queue-5.3/netfilter-add-missing-is_enabled-config_nf_tables-check-to-header-file.patch
new file mode 100644
index 00000000000..532b2e513f9
--- /dev/null
+++ b/queue-5.3/netfilter-add-missing-is_enabled-config_nf_tables-check-to-header-file.patch
@@ -0,0 +1,45 @@
+From 47e640af2e492cc28778dd6f894d50313f7fba75 Mon Sep 17 00:00:00 2001
+From: Jeremy Sowden <jeremy@azazel.net>
+Date: Wed, 7 Aug 2019 15:17:01 +0100
+Subject: netfilter: add missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file.
+
+From: Jeremy Sowden <jeremy@azazel.net>
+
+commit 47e640af2e492cc28778dd6f894d50313f7fba75 upstream.
+
+nf_tables.h defines an API comprising several inline functions and
+macros that depend on the nft member of struct net.  However, this is
+only defined is CONFIG_NF_TABLES is enabled.  Added preprocessor checks
+to ensure that nf_tables.h will compile if CONFIG_NF_TABLES is disabled.
+
+Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Link: https://lore.kernel.org/netfilter-devel/20190920094925.aw7actk4tdnk3rke@salvia/T/
+Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
+Reported-by: Adam Borowski <kilobyte@angband.pl>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/net/netfilter/nf_tables.h |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/include/net/netfilter/nf_tables.h
++++ b/include/net/netfilter/nf_tables.h
+@@ -1206,6 +1206,8 @@ void nft_trace_notify(struct nft_tracein
+ #define MODULE_ALIAS_NFT_OBJ(type) \
+ 	MODULE_ALIAS("nft-obj-" __stringify(type))
+ 
++#if IS_ENABLED(CONFIG_NF_TABLES)
++
+ /*
+  * The gencursor defines two generations, the currently active and the
+  * next one. Objects contain a bitmask of 2 bits specifying the generations
+@@ -1279,6 +1281,8 @@ static inline void nft_set_elem_change_a
+ 	ext->genmask ^= nft_genmask_next(net);
+ }
+ 
++#endif /* IS_ENABLED(CONFIG_NF_TABLES) */
++
+ /*
+  * We use a free bit in the genmask field to indicate the element
+  * is busy, meaning it is currently being processed either by
diff --git a/queue-5.3/series b/queue-5.3/series
new file mode 100644
index 00000000000..12cc92ac29b
--- /dev/null
+++ b/queue-5.3/series
@@ -0,0 +1 @@
+netfilter-add-missing-is_enabled-config_nf_tables-check-to-header-file.patch