The following Fedora 28 Security updates need testing:
Age URL
171
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
120
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
119
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
112
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013
unrtf-0.21.9-8.fc28
80
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf
docker-latest-1.13.1-37.git9cb56fd.fc28
23
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1735cbc422 CImg-2.3.6-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc9adc4808
python-marshmallow-2.11.1-8.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-381ab64b59
haproxy-1.8.14-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f1ca41a1a6
php-tcpdf-6.2.25-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f9f4d26f0
libmad-0.15.1b-26.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f22b937f52
bind-9.11.4-10.P2.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d0dff2abaa
opensc-0.19.0-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fac49405
liblouis-2.6.2-16.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4558a5180
php-horde-Horde-Core-2.31.6-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-05d08fddf8
exempi-2.4.5-4.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0071ad34f4 rust-1.29.1-2.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-520062dcb8
php-horde-horde-5.2.20-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0edb45d9db
kernel-headers-4.18.10-200.fc28 kernel-tools-4.18.10-200.fc28 kernel-4.18.10-200.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c9f3f4d9e
php-horde-kronolith-4.2.25-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-33c28dc24f
dash-0.5.10.2-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fab540a5d2
libguestfs-1.38.6-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a59b06df46
glusterfs-4.1.5-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ec5f8ed8b pcre2-10.32-3.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0edb45d9db
kernel-headers-4.18.10-200.fc28 kernel-tools-4.18.10-200.fc28 kernel-4.18.10-200.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-05d08fddf8
exempi-2.4.5-4.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ceecb4b128 xen-4.10.2-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ecf764c0dc
openssh-7.8p1-3.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fab4056465
gnutls-3.6.4-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
ansible-2.6.5-1.fc28
dgit-6.12-1.fc28
dpdk-17.11.2-2.fc28
elfutils-0.174-1.fc28
gnome-shell-extension-media-player-indicator-0-0.21.20180918gitd3201ea.fc28
gnome-shell-extension-netspeed-3.28-0.5.20180210gite3cea60.fc28
golang-github-thejerf-suture-3.0.0-1.fc28
golang-github-xtaci-smux-1.0.8-1.fc28
hub-2.5.1-1.fc28
jitterentropy-2.1.2-3.fc28
libxcrypt-4.2.1-1.fc28
lightdm-1.28.0-2.fc28
mediawiki-1.29.3-1.fc28
openas2-2.6.2-2.fc28
python-arpy-1.1.1-1.fc28
python-markdown2-2.3.6-1.fc28
wsjtx-1.9.1-2.fc28
Details about builds:
================================================================================
ansible-2.6.5-1.fc28 (FEDORA-2018-10484bb059)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.5 bugfix release. See
https://github.com/ansible/ansible/blob/v2.6.5/changelogs/CHANGELOG-v2.6.rst for
a full list of fixed bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.6.5-1
- Update to 2.6.5.
--------------------------------------------------------------------------------
================================================================================
dgit-6.12-1.fc28 (FEDORA-2018-2d10449d46)
Integration between git and Debian-style archives
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 6.12, fixes rhbz #1634209
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 6.12-1
- Rebuilt for new upstream version 6.12, fixes rhbz #1634209
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1634209 - dgit-6.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1634209
--------------------------------------------------------------------------------
================================================================================
dpdk-17.11.2-2.fc28 (FEDORA-2018-3350c45b17)
Set of libraries and drivers for fast packet processing
--------------------------------------------------------------------------------
Update Information:
Fix build flags (bz 1548404)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Neil Horman <nhorman(a)redhat.com> - 2:17.11.2-2
- Fix build flags (bz 1548404)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1548404 - dpdk: Partial build flags injection
https://bugzilla.redhat.com/show_bug.cgi?id=1548404
--------------------------------------------------------------------------------
================================================================================
elfutils-0.174-1.fc28 (FEDORA-2018-1eec1f0d17)
A collection of utilities and DSOs to handle ELF files and DWARF data
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2018-16062, CVE-2018-16402 and CVE-2018-16403. unstrip: Handle
SHT_GROUP sections. strip: Handle mixed (out of order) allocated/non-allocated
sections. elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits (suid) on rewrite. libelf,
libdw and all tools now handle extended shnum and shstrndx correctly.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 14 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 0.174-1
- New upstream release
- libelf, libdw and all tools now handle extended shnum and shstrndx
correctly (#1608390).
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes CVE-2018-16062, CVE-2018-16402 and CVE-2018-16403
(#1623753, #1625051, #1625056).
* Tue Jul 31 2018 Florian Weimer <fweimer(a)redhat.com> - 0.173-8
- Rebuild with fixed binutils
* Sun Jul 29 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 0.173-7
- Add elfutils-0.173-strip-alloc-nonalloc.patch (#1609577)
* Tue Jul 24 2018 Mark Wielaard <mjw(a)fedoraproject.org>
- Drop libstdc++-devel BuildRequires. gcc-c++ will pull it in.
* Tue Jul 24 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 0.173-6
- Update elfutils-0.173-annobingroup.patch.
* Sat Jul 21 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 0.173-5
- Add BuildRequires gcc-c++ for demangle support.
- Add elfutils-0.173-annobingroup.patch.
* Sat Jul 21 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 0.173-4
- Add elfutils-0.173-elfcompress.patch (#1607044)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.173-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 9 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 0.173-2
- Update elfutils-0.173-new-notes-hack.patch for new annobin note.
- Unbreak cyclic systemd dependency for buildroot container (#1599083)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1625050 - CVE-2018-16402 elfutils: Double-free due to double decompression of
sections in crafted ELF causes crash
https://bugzilla.redhat.com/show_bug.cgi?id=1625050
[ 2 ] Bug #1625055 - CVE-2018-16403 elfutils: Heap-based buffer over-read in
libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash
https://bugzilla.redhat.com/show_bug.cgi?id=1625055
[ 3 ] Bug #1623752 - CVE-2018-16062 elfutils: Heap-based buffer over-read in
libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file
https://bugzilla.redhat.com/show_bug.cgi?id=1623752
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-media-player-indicator-0-0.21.20180918gitd3201ea.fc28
(FEDORA-2018-eb0d35fa00)
Control MPRIS2 capable media players: Rhythmbox, Banshee, Clementine and more
--------------------------------------------------------------------------------
Update Information:
- Update to 0-0.21.20180918gitd3201ea - Remove scriptlet glib-compile-schemas:
This scriptlet SHOULD NOT be used in Fedora 24 or later.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Martin Gansser <martinkg(a)fedoraproject.org> -
0-0.21.20180918gitd3201ea
- Update to new git snapshot 0-0.21.20180918gitd3201ea
- Remove scriptlet glib-compile-schemas: This scriptlet SHOULD NOT be used in Fedora 24 or
later.
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-netspeed-3.28-0.5.20180210gite3cea60.fc28 (FEDORA-2018-454182da18)
A gnome-shell extension to show speed of the internet
--------------------------------------------------------------------------------
Update Information:
- Add support for gnome 3.30
--------------------------------------------------------------------------------
================================================================================
golang-github-thejerf-suture-3.0.0-1.fc28 (FEDORA-2018-588de0f782)
Supervisor trees for Go
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 3.0.0-1
- Update to version 3.0.0.
--------------------------------------------------------------------------------
================================================================================
golang-github-xtaci-smux-1.0.8-1.fc28 (FEDORA-2018-7fbe30bdf9)
Simple Stream Multiplexing for golang
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.8.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.8-1
- Update to version 1.0.8.
* Sun Sep 2 2018 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.7-2
- Update to use spec 3.0.
--------------------------------------------------------------------------------
================================================================================
hub-2.5.1-1.fc28 (FEDORA-2018-0f2cdce632)
A command-line wrapper for git with github shortcuts
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.1 `hub issue create`: ignore the .github/ISSUE_TEMPLATE directory
instead of crashing `hub pull-request`: avoid re-requesting reviewers in case
of CODEOWNERS `hub ci-status`: handle cases when Checks API is unavailable,
like older GitHub Enterprise Handle HTTP 422 message format from server
response Ignore crash for malformed ~/.config/hub file Clarify `hub init -g`
documentation that it doesn't imply hub create `hub clone`: add more
documentation about git protocol used
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 2.5.1-1
- Update to 2.5.1
- hub issue create: ignore the .github/ISSUE_TEMPLATE directory instead of
crashing
- hub pull-request: avoid re-requesting reviewers in case of CODEOWNERS
- hub ci-status: handle cases when Checks API is unavailable, like older
GitHub Enterprise
- Handle HTTP 422 message format from server response
- Ignore crash for malformed ~/.config/hub file
- Clarify hub init -g documentation that it doesn't imply hub create
- hub clone: add more documentation about git protocol used
* Tue Jul 17 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 2.5.0-2
- Fix generation of debuginfo for F29
--------------------------------------------------------------------------------
================================================================================
jitterentropy-2.1.2-3.fc28 (FEDORA-2018-33d2804809)
Library implementing the jitter entropy source
--------------------------------------------------------------------------------
Update Information:
New Package: jitterentropy
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1627510 - Review Request: jitterentropy - cpu based entropy extraction
library
https://bugzilla.redhat.com/show_bug.cgi?id=1627510
--------------------------------------------------------------------------------
================================================================================
libxcrypt-4.2.1-1.fc28 (FEDORA-2018-375b9bbcab)
Extended crypt library for DES, MD5, Blowfish and others
--------------------------------------------------------------------------------
Update Information:
- New upstream release - Add new manpages
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.1-1
- New upstream release
- Add new manpages
* Sat Sep 29 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.0-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
lightdm-1.28.0-2.fc28 (FEDORA-2018-e0507831aa)
A cross-desktop Display Manager
--------------------------------------------------------------------------------
Update Information:
Adjust ordering of pam modules to ensure gnome_keyring/kwallet loads after
system-auth
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 26 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.28.0-2
- revert over-aggressive use of %name macro
- lightdm.pam: move 'session...system-auth' before gnome_keyring/kwallet
(#1581495,#1631220)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631220 - Gnome keyring not unlocked on login
https://bugzilla.redhat.com/show_bug.cgi?id=1631220
[ 2 ] Bug #1581495 - lightdm + pam-kwallet causes polkit issues
https://bugzilla.redhat.com/show_bug.cgi?id=1581495
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.29.3-1.fc28 (FEDORA-2018-e022ecbc52)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3 -
(T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
'newbie'. - (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass
CentralAuth's account lock. - (T180551) Fix LanguageSrTest for language
converter - (T180552) Fix langauge converter parser test with self-close tags
- (T180537) Remove $wgAuth usage from wrapOldPasswords.php - (T180485)
InputBox: Have inputbox langconvert certain attributes - (T161732, T181547)
Upgraded Moment.js from v2.15.0 to v2.19.3. - (T172927) Drop vendor from MW
release branch - (T87572) Make FormatMetadata::flattenArrayReal() work for an
associative array - Updated composer/spdx-licenses from 1.1.4 to 1.3.0
(development dependency). - (T189567) the CLI installer
(maintenance/install.php) learned to detect and include extensions. Pass --with-
extensions to enable that feature. - (T182381) Mask deprecated call in
WatchedItemUnitTest - (T190503) Let built-in web server (maintenance/dev)
handle .php requests. - The karma qunit tests would fail on some
configuration due to headers already sent. Check headers_sent() before sending
cpPosTime headers - (T167507) selenium: Run Chrome headlessly. - selenium:
Pass -no-sandbox to Chrome under Docker - (T191247) Use
MediaWiki\SuppressWarnings around trigger_error() instead @ - (T75174,
T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails
under SQLite. - (T192584) Stop incorrectly passing USE INDEX to
RecentChange::newFromConds(). - (T179190) selenium: Move test running logic
from package.json to selenium.sh. - (T117839, T193200) PDFHandler: Fix for
pdfinfo changes in poppler-utils 0.48. - Add default edit rate limit of 90
edits/minute for all users. - (T196125) php-memcached 3.0 (provided with PHP
7.0) is now supported. - (T196672) The mtime of extension.json files is now
able to be zero - (T180403) Validate $length in padleft/padright parser
functions. - (T143790) Make $wgEmailConfirmToEdit only affect edit actions. -
(T194237) Special:BotPasswords now requires reauthentication. - (T191608,
T187638) Add 'logid' parameter to Special:Log. - (T176097) resourceloader:
Disable a flaky MessageBlobStoreTest case - (T193829) Indicate when a Bot
Password needs reset. - (T151415) Log email changes. - (T118420) Unbreak
Oracle installer.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Michael Cronenworth <mike(a)cchtml.com> - 1.29.3-1
- Update to 1.29.3
-
https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.29.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.29.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1634170 - CVE-2018-0504 mediawiki: Information exposure when a log event is
(partially) hidden [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634170
[ 2 ] Bug #1634167 - CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's
account lock [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634167
[ 3 ] Bug #1634162 - CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter)
entry for 'user' overrides that for 'newbie' [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634162
--------------------------------------------------------------------------------
================================================================================
openas2-2.6.2-2.fc28 (FEDORA-2018-2807a71a57)
Java-based implementation of the EDIINT AS2 standard
--------------------------------------------------------------------------------
Update Information:
New upstream release with some workarounds for MDN related partner braindamage.
Plus, we disable tcp_server by default and set factory passwords to ChangeMe.
---- This is an open Java implementation of the AS2 EDI transport standard. To
test, you need to install multiple instances, or use actual EDI partners. For
instance, if you are an Amazon EDI vendor, you can create a TEST connection to
your openas2 instance and run Amazon tests. You need to use the Java keytool
to create and exchange public keys to identify EDI partners. At some point, I
need to add a Fedora README with more Fedora specific howtos. While this is an
application designed to exchange business EDI documents, you can test by
creating 2 or more instances, and exchanging any arbitrary files. AS2 doesn't
look at the contents of documents other than to compute the hash for signatures.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1633362 - MDN fails to decrypt for some partners
https://bugzilla.redhat.com/show_bug.cgi?id=1633362
[ 2 ] Bug #1478210 - Review Request: openas2 - Java implementation of EDIINT AS2
https://bugzilla.redhat.com/show_bug.cgi?id=1478210
--------------------------------------------------------------------------------
================================================================================
python-arpy-1.1.1-1.fc28 (FEDORA-2018-9061fc257e)
Library for accessing "ar" files
--------------------------------------------------------------------------------
Update Information:
New package for Fedora.
--------------------------------------------------------------------------------
================================================================================
python-markdown2-2.3.6-1.fc28 (FEDORA-2018-dd98177cad)
A fast and complete Python implementation of Markdown
--------------------------------------------------------------------------------
Update Information:
#### python-markdown2 2.3.6 #### - [pull #282] Add TOC depth option - [pull
#283] Fix to add TOC html to output via CLI - [pull #284] Do not remove anchors
in safe_mode - [pull #288] fixing cuddled-lists with a single list item - [pull
#292] Fix Wrong rendering of last list element - [pull #295] link-patterns fix -
[pull #300] Replace a deprecated method - [pull #301] DeprecationWarning:
invalid escape sequence - [pull #302] Fix "make test" in Python 3 - [pull #303]
Fix CVE-2018-5773
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2018 Thomas Moschny <thomas.moschny(a)gmx.de> - 2.3.6-1
- Update to 2.3.6.
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 2.3.5-4
- Rebuilt for Python 3.7
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 2.3.5-3
- Rebuilt for Python 3.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536923 - CVE-2018-5773 python-markdown2: Unsanitized input in markdown()
method allows for cross-site scripting (XSS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536923
--------------------------------------------------------------------------------
================================================================================
wsjtx-1.9.1-2.fc28 (FEDORA-2018-ec91ca4076)
Weak Signal communication by K1JT
--------------------------------------------------------------------------------
Update Information:
Rebuild for hamlib 3.3.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Richard Shaw <hobbes1069(a)gmail.com> - 1.9.1-2
- Rebuild for hamlib 3.3.
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.1-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1634049 - Upgrade to hamlib 3.3-1 breaks ICOM 7300
https://bugzilla.redhat.com/show_bug.cgi?id=1634049
--------------------------------------------------------------------------------