d/patches: add patch cherry picked from upstream

Cherry-pick this patch from upstream:

http://git.netfilter.org/iptables/commit/?id=2478b6cbb8112f940cec61ec1e62a598472d33d0



The patch will likely be present in the next upstream release.

Closes: #922973
Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>

debian/patches/bug_922973.patch

+From 2478b6cbb8112f940cec61ec1e62a598472d33d0 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 7 Feb 2019 22:13:31 +0100
+Subject: xtables-save: Fix table not found error message
+
+First of all, this error message should not appear on stdout, otherwise
+it may end in dump files. Next, with completely empty ruleset, even
+valid table names cause errors. To avoid this, continue operation if the
+not found table is a builtin one.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ iptables/xtables-save.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
+index 414a864b..87ebb913 100644
+--- a/iptables/xtables-save.c
++++ b/iptables/xtables-save.c
+@@ -105,8 +105,9 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
+ 		return !!ret;
+ 	}
+ 
+-	if (!nft_table_find(h, tablename)) {
+-		printf("Table `%s' does not exist\n", tablename);
++	if (!nft_table_find(h, tablename) &&
++	    !nft_table_builtin_find(h, tablename)) {
++		fprintf(stderr, "Table `%s' does not exist\n", tablename);
+ 		return 1;
+ 	}
+ 
+-- 
+cgit v1.2.1
+

debian/patches/series

@@ -7,3 +7,4 @@
 0301-install_iptables_apply.patch
 0401-580941-iptables_apply_update.patch
 format-security_fixes_in_libip[6]t_icmp.patch
+bug_922973.patch