include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=1.5.8
-PKG_RELEASE:=06
+PKG_VERSION:=1.5.9
+PKG_RELEASE:=02
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_MD5SUM:=7bffa1afa069d90ce03b7cd9aa0557cd
+PKG_MD5SUM:=b7672bb6a8aa188a655b418f3c96f65c
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=GPL-2.0
--- /dev/null
+From bad3c6f1b6d776e5d9951a3b3054b4dce8922c54 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 26 Nov 2014 13:17:03 +0100
+Subject: [PATCH 1/2] BUG/MEDIUM: patterns: previous fix was incomplete
+
+Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit 315ec42
+("BUG/MEDIUM: pattern: don't load more than once a pattern list.")
+relies on an uninitialised variable in the stack. While it used to
+work fine during the tests, if the uninitialized variable is non-null,
+some patterns may be aggregated if loaded multiple times, resulting in
+slower processing, which was the original issue it tried to address.
+
+The fix needs to be backported to 1.5.
+(cherry picked from commit 4deaf39243c4d941998b1b0175bad05b8a287c0b)
+---
+ src/pattern.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pattern.c b/src/pattern.c
+index 20547f9..208e33a 100644
+--- a/src/pattern.c
++++ b/src/pattern.c
+@@ -2096,7 +2096,7 @@ int pattern_read_from_file(struct pattern_head *head, unsigned int refflags,
+ struct pat_ref *ref;
+ struct pattern_expr *expr;
+ struct pat_ref_elt *elt;
+- int reuse;
++ int reuse = 0;
+
+ /* Lookup for the existing reference. */
+ ref = pat_ref_lookup(filename);
+--
+2.0.4
+
+++ /dev/null
-From 184422d39df1aa27e6ef4c1ae75177489147ec99 Mon Sep 17 00:00:00 2001
-From: Arcadiy Ivanov <arcadiy.ivanov@servicemesh.com>
-Date: Tue, 4 Nov 2014 07:06:13 -0500
-Subject: [PATCH 1/6] BUILD: fix "make install" to support spaces in the
- install dirs
-
-Makefile is unable to install into directories containing spaces.
-(cherry picked from commit 3785311e64792787de78370fa126fd806734f7fe)
----
- Makefile | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 707037b..9556069 100644
---- a/Makefile
-+++ b/Makefile
-@@ -710,19 +710,19 @@ src/dlmalloc.o: $(DLMALLOC_SRC)
- $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $<
-
- install-man:
-- install -d $(DESTDIR)$(MANDIR)/man1
-- install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1
-+ install -d "$(DESTDIR)$(MANDIR)"/man1
-+ install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1
-
- install-doc:
-- install -d $(DESTDIR)$(DOCDIR)
-+ install -d "$(DESTDIR)$(DOCDIR)"
- for x in configuration architecture haproxy-en haproxy-fr; do \
-- install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \
-+ install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \
- done
-
- install-bin: haproxy haproxy-systemd-wrapper
-- install -d $(DESTDIR)$(SBINDIR)
-- install haproxy $(DESTDIR)$(SBINDIR)
-- install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR)
-+ install -d "$(DESTDIR)$(SBINDIR)"
-+ install haproxy "$(DESTDIR)$(SBINDIR)"
-+ install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)"
-
- install: install-bin install-man install-doc
-
---
-2.0.4
-
--- /dev/null
+From 1e89acb6be9ba6400fe4defd3b6b2cc94c6667d9 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 26 Nov 2014 13:24:24 +0100
+Subject: [PATCH 2/2] BUG/MEDIUM: payload: ensure that a request channel is
+ available
+
+Denys Fedoryshchenko reported a segfault when using certain
+sample fetch functions in the "tcp-request connection" rulesets
+despite the warnings. This is because some tests for the existence
+of the channel were missing.
+
+The fetches which were fixed are :
+ - req.ssl_hello_type
+ - rep.ssl_hello_type
+ - req.ssl_sni
+
+This fix must be backported to 1.5.
+(cherry picked from commit 83f2592bcd2e186beeabcba16be16faaab82bd39)
+---
+ src/payload.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/payload.c b/src/payload.c
+index 4057f6f..f62163c 100644
+--- a/src/payload.c
++++ b/src/payload.c
+@@ -72,6 +72,9 @@ smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned
+
+ chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
+
++ if (!chn)
++ goto not_ssl_hello;
++
+ bleft = chn->buf->i;
+ data = (const unsigned char *)chn->buf->p;
+
+@@ -276,6 +279,9 @@ smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned
+
+ chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
+
++ if (!chn)
++ goto not_ssl_hello;
++
+ bleft = chn->buf->i;
+ data = (unsigned char *)chn->buf->p;
+
+--
+2.0.4
+
+++ /dev/null
-From 90951497008967f10ba8f9927b53c6e6bc138540 Mon Sep 17 00:00:00 2001
-From: Emeric Brun <ebrun@haproxy.comw>
-Date: Wed, 12 Nov 2014 17:35:37 +0100
-Subject: [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause
- segfault in case of OOM.
-
-Some SSL context's init functions errors were not handled and
-can cause a segfault due to an incomplete SSL context
-initialization.
-
-This fix must be backported to 1.5.
-(cherry picked from commit 5547615cdac377797ae351a2e024376dbf6d6963)
----
- src/ssl_sock.c | 44 ++++++++++++++++++++++++++++++++++----------
- 1 file changed, 34 insertions(+), 10 deletions(-)
-
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index f8bfbe7..620609f 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -2040,15 +2040,29 @@ static int ssl_sock_init(struct connection *conn)
- return -1;
- }
-
-- SSL_set_connect_state(conn->xprt_ctx);
-- if (objt_server(conn->target)->ssl_ctx.reused_sess)
-- SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess);
--
- /* set fd on SSL session context */
-- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);
-+ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
-+ SSL_free(conn->xprt_ctx);
-+ conn->xprt_ctx = NULL;
-+ conn->err_code = CO_ER_SSL_NO_MEM;
-+ return -1;
-+ }
-
- /* set connection pointer */
-- SSL_set_app_data(conn->xprt_ctx, conn);
-+ if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
-+ SSL_free(conn->xprt_ctx);
-+ conn->xprt_ctx = NULL;
-+ conn->err_code = CO_ER_SSL_NO_MEM;
-+ return -1;
-+ }
-+
-+ SSL_set_connect_state(conn->xprt_ctx);
-+ if (objt_server(conn->target)->ssl_ctx.reused_sess) {
-+ if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) {
-+ SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
-+ objt_server(conn->target)->ssl_ctx.reused_sess = NULL;
-+ }
-+ }
-
- /* leave init state and start handshake */
- conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
-@@ -2065,13 +2079,23 @@ static int ssl_sock_init(struct connection *conn)
- return -1;
- }
-
-- SSL_set_accept_state(conn->xprt_ctx);
--
- /* set fd on SSL session context */
-- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);
-+ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
-+ SSL_free(conn->xprt_ctx);
-+ conn->xprt_ctx = NULL;
-+ conn->err_code = CO_ER_SSL_NO_MEM;
-+ return -1;
-+ }
-
- /* set connection pointer */
-- SSL_set_app_data(conn->xprt_ctx, conn);
-+ if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
-+ SSL_free(conn->xprt_ctx);
-+ conn->xprt_ctx = NULL;
-+ conn->err_code = CO_ER_SSL_NO_MEM;
-+ return -1;
-+ }
-+
-+ SSL_set_accept_state(conn->xprt_ctx);
-
- /* leave init state and start handshake */
- conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
---
-2.0.4
-
+++ /dev/null
-From 9bcc01ae25985dd540080f43b160beab1f1a2bc6 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Thu, 13 Nov 2014 13:48:58 +0100
-Subject: [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory
- shortage
-
-When memory becomes scarce and openssl refuses to allocate a new SSL
-session, it is worth freeing the pools and trying again instead of
-rejecting all incoming SSL connection. This can happen when some
-memory usage limits have been assigned to the haproxy process using
--m or with ulimit -m/-v.
-
-This is mostly an enhancement of previous fix and is worth backporting
-to 1.5.
-(cherry picked from commit fba03cdc5ac6e3ca318b34915596cbc0a0dacc55)
----
- src/ssl_sock.c | 30 ++++++++++++++++++++++++++++++
- 1 file changed, 30 insertions(+)
-
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index 620609f..f50efe5 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -2033,9 +2033,16 @@ static int ssl_sock_init(struct connection *conn)
- /* If it is in client mode initiate SSL session
- in connect state otherwise accept state */
- if (objt_server(conn->target)) {
-+ int may_retry = 1;
-+
-+ retry_connect:
- /* Alloc a new SSL session ctx */
- conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
- if (!conn->xprt_ctx) {
-+ if (may_retry--) {
-+ pool_gc2();
-+ goto retry_connect;
-+ }
- conn->err_code = CO_ER_SSL_NO_MEM;
- return -1;
- }
-@@ -2044,6 +2051,10 @@ static int ssl_sock_init(struct connection *conn)
- if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
- SSL_free(conn->xprt_ctx);
- conn->xprt_ctx = NULL;
-+ if (may_retry--) {
-+ pool_gc2();
-+ goto retry_connect;
-+ }
- conn->err_code = CO_ER_SSL_NO_MEM;
- return -1;
- }
-@@ -2052,6 +2063,10 @@ static int ssl_sock_init(struct connection *conn)
- if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
- SSL_free(conn->xprt_ctx);
- conn->xprt_ctx = NULL;
-+ if (may_retry--) {
-+ pool_gc2();
-+ goto retry_connect;
-+ }
- conn->err_code = CO_ER_SSL_NO_MEM;
- return -1;
- }
-@@ -2072,9 +2087,16 @@ static int ssl_sock_init(struct connection *conn)
- return 0;
- }
- else if (objt_listener(conn->target)) {
-+ int may_retry = 1;
-+
-+ retry_accept:
- /* Alloc a new SSL session ctx */
- conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx);
- if (!conn->xprt_ctx) {
-+ if (may_retry--) {
-+ pool_gc2();
-+ goto retry_accept;
-+ }
- conn->err_code = CO_ER_SSL_NO_MEM;
- return -1;
- }
-@@ -2083,6 +2105,10 @@ static int ssl_sock_init(struct connection *conn)
- if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
- SSL_free(conn->xprt_ctx);
- conn->xprt_ctx = NULL;
-+ if (may_retry--) {
-+ pool_gc2();
-+ goto retry_accept;
-+ }
- conn->err_code = CO_ER_SSL_NO_MEM;
- return -1;
- }
-@@ -2091,6 +2117,10 @@ static int ssl_sock_init(struct connection *conn)
- if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
- SSL_free(conn->xprt_ctx);
- conn->xprt_ctx = NULL;
-+ if (may_retry--) {
-+ pool_gc2();
-+ goto retry_accept;
-+ }
- conn->err_code = CO_ER_SSL_NO_MEM;
- return -1;
- }
---
-2.0.4
-
+++ /dev/null
-From 1f96a87c4e1412ccdc6cfe81bfd6f20a1782886a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
-Date: Sat, 15 Nov 2014 22:41:27 +0100
-Subject: [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks
- and ssl healthchecks
-
-Lasse Birnbaum Jensen reported an issue when agent checks are used at the same
-time as standard healthchecks when SSL is enabled on the server side.
-
-The symptom is that agent checks try to communicate in SSL while it should
-manage raw data. This happens because the transport layer is shared between all
-kind of checks.
-
-To fix the issue, the transport layer is now stored in each check type,
-allowing to use SSL healthchecks when required, while an agent check should
-always use the raw_sock implementation.
-
-The fix must be backported to 1.5.
-(cherry picked from commit 9ce1311ebc834e20addc7a8392c0fc4e4ad687b7)
----
- include/types/checks.h | 3 ++-
- include/types/server.h | 1 -
- src/checks.c | 2 +-
- src/server.c | 2 +-
- src/ssl_sock.c | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/include/types/checks.h b/include/types/checks.h
-index a50043b..42b7b07 100644
---- a/include/types/checks.h
-+++ b/include/types/checks.h
-@@ -125,6 +125,7 @@ enum {
- };
-
- struct check {
-+ struct xprt_ops *xprt; /* transport layer operations for health checks */
- struct connection *conn; /* connection state for health checks */
- unsigned short port; /* the port to use for the health checks */
- struct buffer *bi, *bo; /* input and output buffers to send/recv check */
-@@ -132,7 +133,7 @@ struct check {
- struct timeval start; /* last health check start time */
- long duration; /* time in ms took to finish last health check */
- short status, code; /* check result, check code */
-- char desc[HCHK_DESC_LEN]; /* health check descritpion */
-+ char desc[HCHK_DESC_LEN]; /* health check description */
- int use_ssl; /* use SSL for health checks */
- int send_proxy; /* send a PROXY protocol header with checks */
- struct tcpcheck_rule *current_step; /* current step when using tcpcheck */
-diff --git a/include/types/server.h b/include/types/server.h
-index 313f58d..c419b40 100644
---- a/include/types/server.h
-+++ b/include/types/server.h
-@@ -194,7 +194,6 @@ struct server {
-
- struct { /* configuration used by health-check and agent-check */
- struct protocol *proto; /* server address protocol for health checks */
-- struct xprt_ops *xprt; /* transport layer operations for health checks */
- struct sockaddr_storage addr; /* the address to check, if different from <addr> */
- } check_common;
-
-diff --git a/src/checks.c b/src/checks.c
-index 5318f35..84bf0e5 100644
---- a/src/checks.c
-+++ b/src/checks.c
-@@ -1413,7 +1413,7 @@ static int connect_chk(struct task *t)
-
- /* prepare a new connection */
- conn_init(conn);
-- conn_prepare(conn, s->check_common.proto, s->check_common.xprt);
-+ conn_prepare(conn, s->check_common.proto, check->xprt);
- conn_attach(conn, check, &check_conn_cb);
- conn->target = &s->obj_type;
-
-diff --git a/src/server.c b/src/server.c
-index fdb63cc..94a31b6 100644
---- a/src/server.c
-+++ b/src/server.c
-@@ -929,7 +929,7 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
-
- newsrv->addr = *sk;
- newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family);
-- newsrv->xprt = newsrv->check_common.xprt = &raw_sock;
-+ newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock;
-
- if (!newsrv->proto) {
- Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n",
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index f50efe5..b73d6f9 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -1812,7 +1812,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
- if (srv->use_ssl)
- srv->xprt = &ssl_sock;
- if (srv->check.use_ssl)
-- srv->check_common.xprt = &ssl_sock;
-+ srv->check.xprt = &ssl_sock;
-
- srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
- if (!srv->ssl_ctx.ctx) {
---
-2.0.4
-
+++ /dev/null
-From cac307c020db7a938b73d4fef27a3b4ad2ecdf6a Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 18 Nov 2014 15:04:29 +0100
-Subject: [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance
- algorithm in frontends
-
-Tom Limoncelli from Stack Exchange reported a minor bug : the frontend
-inherits the LB parameters from the defaults sections. The impact is
-that if a "balance" directive uses any L7 parameter in the defaults
-sections and the frontend is in TCP mode, a warning is emitted about
-their incompatibility. The warning is harmless but a valid, sane config
-should never cause any warning to be reported.
-
-This fix should be backported into 1.5 and possibly 1.4.
-(cherry picked from commit 743c128580ee29c8f073b4a29771a5ce715f3721)
----
- src/cfgparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/cfgparse.c b/src/cfgparse.c
-index 392a692..40d20ab 100644
---- a/src/cfgparse.c
-+++ b/src/cfgparse.c
-@@ -2003,7 +2003,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
- curproxy->no_options = defproxy.no_options;
- curproxy->no_options2 = defproxy.no_options2;
- curproxy->bind_proc = defproxy.bind_proc;
-- curproxy->lbprm.algo = defproxy.lbprm.algo;
- curproxy->except_net = defproxy.except_net;
- curproxy->except_mask = defproxy.except_mask;
- curproxy->except_to = defproxy.except_to;
-@@ -2037,6 +2036,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
- }
-
- if (curproxy->cap & PR_CAP_BE) {
-+ curproxy->lbprm.algo = defproxy.lbprm.algo;
- curproxy->fullconn = defproxy.fullconn;
- curproxy->conn_retries = defproxy.conn_retries;
- curproxy->max_ka_queue = defproxy.max_ka_queue;
---
-2.0.4
-
+++ /dev/null
-From 8ba50128832bb31e95f06fe4cb2bd172f2b945fe Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 18 Nov 2014 18:49:19 +0100
-Subject: [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier
-
-Denys Fedoryshchenko reported and diagnosed a nasty bug caused by TCP
-captures, introduced in late 1.5-dev by commit 18bf01e ("MEDIUM: tcp:
-add a new tcp-request capture directive"). The problem is that we're
-using the array of capture pointers initially designed for HTTP usage
-only, and that this array was only reset when starting to process an
-HTTP request. In a tcp-only frontend, the pointers are not reset, and
-if the capture pool is shared, we can very well point to whatever other
-memory location, resulting in random crashes when tcp-request content
-captures are processed.
-
-The fix simply consists in initializing these pointers when the pools
-are prepared.
-
-A workaround for existing versions consists in either disabling TCP
-captures in tcp-only frontends, or in forcing the frontends to work in
-HTTP mode.
-
-Thanks to Denys for the amount of testing and detailed reports.
-
-This fix must be backported to 1.5.
-(cherry picked from commit 9654e57fac86c773091b892f42015ba2ba56be5a)
----
- src/frontend.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/frontend.c b/src/frontend.c
-index 3f80774..2928047 100644
---- a/src/frontend.c
-+++ b/src/frontend.c
-@@ -106,11 +106,17 @@ int frontend_accept(struct session *s)
- if (global.tune.client_rcvbuf)
- setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf));
-
-- if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL))
-- goto out_return; /* no memory */
-+ if (unlikely(s->fe->nb_req_cap > 0)) {
-+ if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)
-+ goto out_return; /* no memory */
-+ memset(s->txn.req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
-+ }
-
-- if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL))
-- goto out_free_reqcap; /* no memory */
-+ if (unlikely(s->fe->nb_rsp_cap > 0)) {
-+ if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)
-+ goto out_free_reqcap; /* no memory */
-+ memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
-+ }
-
- if (s->fe->http_needed) {
- /* we have to allocate header indexes only if we know
---
-2.0.4
-