-
chromium-browser (43.0.2357.130-0ubuntu0.14.10.1.1134) utopic-security; urgency=medium
[Chad Miller]
* Upstream release 43.0.2357.130:
- CVE-2015-1266: Scheme validation error in WebUI.
- CVE-2015-1268: Cross-origin bypass in Blink.
- CVE-2015-1267: Cross-origin bypass in Blink.
- CVE-2015-1269: Normalization error in HSTS/HPKP preload list.
* debian/tests/smoketest-actual: Capture web-server log so we can
get port and test retreival. Fixes autopkgtest failures.
* debian/patches/widevine-other-locations: Search Chrome install
location to find widevine plugins.
* Use new Flash plugin name in apport collector.
* debian/patches/gpu_default_disabled: Make GPU activation a (default off)
preference instead of blacklisting.
[Iain Lane]
* Test fixes.
* debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11
which are required by the testsuite.
* debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so
that the test can read these.
-- Chad MILLER <email address hidden> Mon, 29 Jun 2015 15:54:16 -0400
-
chromium-browser (43.0.2357.81-0ubuntu0.14.10.1.1131) utopic-security; urgency=medium
* Upstream release 43.0.2357.81.
- "Icons not displaying properly on Linux" (LP: #1449063)
* Upstream release 43.0.2357.65:
- CVE-2015-1252: Sandbox escape in Chrome.
- CVE-2015-1253: Cross-origin bypass in DOM.
- CVE-2015-1254: Cross-origin bypass in Editing.
- CVE-2015-1255: Use-after-free in WebAudio.
- CVE-2015-1256: Use-after-free in SVG.
- CVE-2015-1251: Use-after-free in Speech.
- CVE-2015-1257: Container-overflow in SVG.
- CVE-2015-1258: Negative-size parameter in Libvpx.
- CVE-2015-1259: Uninitialized value in PDFium.
- CVE-2015-1260: Use-after-free in WebRTC.
- CVE-2015-1261: URL bar spoofing.
- CVE-2015-1262: Uninitialized value in Blink.
- CVE-2015-1263: Insecure download of spellcheck dictionary.
- CVE-2015-1264: Cross-site scripting in bookmarks.
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
(currently 4.3.61.21).
* debian/patches/display-scaling-report-hardware-info: removed, unnecessary.
* debian/patches/coordinate-space-map: removed, unnecessary.
* debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until
ARM works.
* debian/chromium-browser.sh.in: Add --verbose to get logging info.
* debian/patches/{notifications-nicer,mir-support}: disable unnecessary
patches.
* debian/control, debian/chromium-browser.sh.in: Prompt nothing about
Flash plugin. Send Help clicks to Wiki instead.
-- Chad MILLER <email address hidden> Mon, 01 Jun 2015 15:29:04 -0400
-
chromium-browser (41.0.2272.76-0ubuntu0.14.10.1.1118) utopic-security; urgency=medium
* Upstream release 41.0.2272.76:
- CVE-2015-1212: Out-of-bounds write in media.
- CVE-2015-1213: Out-of-bounds write in skia filters.
- CVE-2015-1214: Out-of-bounds write in skia filters.
- CVE-2015-1215: Out-of-bounds write in skia filters.
- CVE-2015-1216: Use-after-free in v8 bindings.
- CVE-2015-1217: Type confusion in v8 bindings.
- CVE-2015-1218: Use-after-free in dom.
- CVE-2015-1219: Integer overflow in webgl.
- CVE-2015-1220: Use-after-free in gif decoder.
- CVE-2015-1221: Use-after-free in web databases.
- CVE-2015-1222: Use-after-free in service workers.
- CVE-2015-1223: Use-after-free in dom.
- CVE-2015-1230: Type confusion in v8.
- CVE-2015-1224: Out-of-bounds read in vpxdecoder.
- CVE-2015-1225: Out-of-bounds read in pdfium.
- CVE-2015-1226: Validation issue in debugger.
- CVE-2015-1227: Uninitialized value in blink.
- CVE-2015-1228: Uninitialized value in rendering.
- CVE-2015-1229: Cookie injection via proxies.
- CVE-2015-1231: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 40.0.2214.115.
* debian/patches/coordinate-space-map: Backport v43 and unofficial
coordinate mapping to fix some high-dpi problems in popup menu placement.
* debian/apport/chromium-browser.py: Simplify. Use more standard functions
from apport utility. Add CPU usage information. Add bargraph of "running"
processes, so bugpatterns can sort away busy machines, and then classify
remainder according to procline "gpu-vendor=id" param.
* debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the
GPU is really hung, the extra time matters little. It's probably not
recoverable. Reviews of apport reports find no common thread among GPUs
vendors. Notes at crbug.com/221882 suggest busy CPUs could trigger hang.
Will additionally use apport bugpatterns to comb dmesg for actual crashes
and route to specific GPU-driver bugs.
-- Chad MILLER <email address hidden> Wed, 04 Mar 2015 10:25:03 -0500
-
chromium-browser (40.0.2214.111-0ubuntu0.14.10.1.1111) utopic-security; urgency=medium
* Upstream release 40.0.2214.111:
- CVE-2015-1209: Use-after-free in DOM.
- CVE-2015-1210: Cross-origin-bypass in V8 bindings.
- CVE-2015-1211: Privilege escalation using service workers.
- CVE-2015-1212: Various fixes from internal audits, fuzzing and other
initiatives.
-- Chad MILLER <email address hidden> Fri, 06 Feb 2015 09:38:15 -0500
-
chromium-browser (40.0.2214.94-0ubuntu0.14.10.1.1110) utopic-security; urgency=medium
* Upstream release 40.0.2214.94.
* Upstream release 40.0.2214.93.
* Upstream release 40.0.2214.91. (LP: #1414753)
- CVE-2014-7923: Memory corruption in ICU.
- CVE-2014-7924: Use-after-free in IndexedDB.
- CVE-2014-7925: Use-after-free in WebAudio.
- CVE-2014-7926: Memory corruption in ICU.
- CVE-2014-7927: Memory corruption in V8.
- CVE-2014-7928: Memory corruption in V8.
- CVE-2014-7930: Use-after-free in DOM.
- CVE-2014-7931: Memory corruption in V8.
- CVE-2014-7929: Use-after-free in DOM.
- CVE-2014-7932: Use-after-free in DOM.
- CVE-2014-7933: Use-after-free in FFmpeg.
- CVE-2014-7934: Use-after-free in DOM.
- CVE-2014-7935: Use-after-free in Speech.
- CVE-2014-7936: Use-after-free in Views.
- CVE-2014-7937: Use-after-free in FFmpeg.
- CVE-2014-7938: Memory corruption in Fonts.
- CVE-2014-7939: Same-origin-bypass in V8.
- CVE-2014-7940: Uninitialized-value in ICU.
- CVE-2014-7941: Out-of-bounds read in UI.
- CVE-2014-7942: Uninitialized-value in Fonts.
- CVE-2014-7943: Out-of-bounds read in Skia.
- CVE-2014-7944: Out-of-bounds read in PDFium.
- CVE-2014-7945: Out-of-bounds read in PDFium.
- CVE-2014-7946: Out-of-bounds read in Fonts.
- CVE-2014-7947: Out-of-bounds read in PDFium.
- CVE-2014-7948: Caching error in AppCache.
* debian/patch/search-credit: Don't force client in GOOG suggestions search.
(LP: #1398900)
* debian/patches/dri3-within-sandbox: Backport V41 sandbox, fixing DRI3.
(LP: #1378627)
* debian/patches/macro-templates-not-match: Remove. No longer necessary.
* debian/patches/arm-neon.patch: Kill armv7=neon assumption. Fix typos.
* debian/rules: chrpath for all packages. (LP: #1415555)
-- Chad MILLER <email address hidden> Fri, 30 Jan 2015 15:48:09 -0500
-
chromium-browser (39.0.2171.65-0ubuntu0.14.10.1.1106) utopic-security; urgency=medium
* Upstream release 39.0.2171.65:
- CVE-2014-7899: Address bar spoofing.
- CVE-2014-7900: Use-after-free in pdfium.
- CVE-2014-7901: Integer overflow in pdfium.
- CVE-2014-7902: Use-after-free in pdfium.
- CVE-2014-7903: Buffer overflow in pdfium.
- CVE-2014-7904: Buffer overflow in Skia.
- CVE-2014-7905: Flaw allowing navigation to intents that do not have the
BROWSABLE category.
- CVE-2014-7906: Use-after-free in pepper plugins.
- CVE-2014-0574: Double-free in Flash.
- CVE-2014-7907: Use-after-free in blink.
- CVE-2014-7908: Integer overflow in media.
- CVE-2014-7909: Uninitialized memory read in Skia.
- CVE-2014-7910: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/search-credit.patch: Include "client" in google search
prepopulated template's parameters.
* debian/tests/testdata/9-search-credit.sikuli: Verify search URL has
parameter.
* debian/source/lintian-overrides: Ignore android tools we don't use.
* debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we
configure to have no symbols in builder (because they are humongous
otherwise).
* debian/control: Bump standards version. Version dep "bash". Remove
duplicate language from package descriptions.
* debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test
for dead NPAPI unity-webapps extension.
-- Chad MILLER <email address hidden> Sat, 22 Nov 2014 14:06:34 -0500
-
chromium-browser (38.0.2125.111-0ubuntu0.14.10.1.1103) utopic-security; urgency=medium
* Upstream release 38.0.2125.111.
* Upstream release 38.0.2125.104.
* Upstream release 38.0.2125.101: (LP: #1310163)
- CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
IPC bugs that can lead to remote code execution outside of the sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium.
- CVE-2014-3190: Use-after-free in Events.
- CVE-2014-3191: Use-after-free in Rendering.
- CVE-2014-3192: Use-after-free in DOM.
- CVE-2014-3193: Type confusion in Session Management.
- CVE-2014-3194: Use-after-free in Web Workers.
- CVE-2014-3195: Information Leak in V8.
- CVE-2014-3196: Permissions bypass in Windows Sandbox.
- CVE-2014-3197: Information Leak in XSS Auditor.
- CVE-2014-3198: Out-of-bounds read in PDFium.
- CVE-2014-3199: Release Assert in V8 bindings.
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 38).
* debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
* Make the verification step in clean make more compare-able output.
* debian/patches/configuration-directory.patch: Account for new location of
policies directory in /etc . Change back. (LP: #1373802)
* debian/patches/lp-translations-paths: Map old third_party filenames to
new name after processor compiles.
* debian/rules: Fix patch-translations rule, workflow.
* debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
* debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
which has never worked. (LP: #1381644)
* debian/patches/disable-sse: Disable more SSE #includes.
* debian/rules: Omit unnecessary files from packaging.
* debian/chromium-browser.sh.in: Fix variable name bug and suggest
~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
* debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
APIs.
chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low
* Upstream release 37.0.2062.120:
- CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
- CVE-2014-3179: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Simplify and rearrange.
* debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
so we can fail when something changes unexpectedly.
* debian/rules: Fix up patch-translations rule.
chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low
* Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
API, and Google V8 to execute arbitrary code.
* Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
* debian/control: Suggests chromiumflashplugin .
* debian/apport: Significant cleanup.
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
* debian/control: build-dep on openssl.
* debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
* debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
-- Chad MILLER <email address hidden> Wed, 15 Oct 2014 14:22:55 -0400
-
chromium-browser (37.0.2062.94-0ubuntu1~pkg1065) utopic; urgency=medium
* Release to stage
chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low
* Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
API, and Google V8 to execute arbitrary code.
* Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
* debian/control: Suggests chromiumflashplugin .
* debian/apport: Significant cleanup.
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
* debian/control: build-dep on openssl.
* debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
* debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low
* Upstream release 36.0.1985.143:
- CVE-2014-3165: Use-after-free in web sockets.
- CVE-2014-3166: Information disclosure in SPDY.
- CVE-2014-3167: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Avoid some unnecessary warning of invalid mv.
* debian/control: Build-depends on libxkbcommon-dev.
* debian/rules: Don't use tcmalloc on i386.
* debian/control, debian/rules: Build-dep on, and use, compiler 4.8
toolchain, since 4.9 seems to be broken.
* debian/control: Don't have (unused) shlibs-depends on -dbg packages
and non-binary packages.
* debian/chromium-browser-codecs-ffmpeg-extra.dirs,
debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused.
* debian/chromium-browser.lintian-overrides,
debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides,
debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
debian/chromium-codecs-ffmpeg.lintian-overrides,
debian/source/lintian-overrides: Add lintian overrides.
-- Chad MILLER <email address hidden> Sun, 31 Aug 2014 14:26:29 -0400
-
chromium-browser (36.0.1985.143-0ubuntu1~pkg1042) utopic; urgency=medium
* Release to stage
chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low
* Upstream release 36.0.1985.143:
- CVE-2014-3165: Use-after-free in web sockets.
- CVE-2014-3166: Information disclosure in SPDY.
- CVE-2014-3167: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Avoid some unnecessary warning of invalid mv.
* debian/control: Build-depends on libxkbcommon-dev.
* debian/rules: Don't use tcmalloc on i386.
* debian/control, debian/rules: Build-dep on, and use, compiler 4.8
toolchain, since 4.9 seems to be broken.
-- Chad MILLER <email address hidden> Tue, 19 Aug 2014 09:58:18 -0400
-
chromium-browser (36.0.1985.125-0ubuntu2) utopic; urgency=low
* Upstream release 36.0.1985.125:
- CVE-2014-3160: Same-Origin-Policy bypass in SVG.
- CVE-2014-3162: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/*: Moved more gtk related changes to aura code.
* debian/control: Build-dep version of ninja-build should be recent.
* debian/patches/gyp-icu-m32-test: Smarter g++ test, no "echo |bad".
* Skip version -0ubuntu1 because Trusty postdates it.
-- Chad MILLER <email address hidden> Thu, 07 Aug 2014 17:22:20 -0400
-
chromium-browser (35.0.1916.153-0ubuntu1~pkg1029) utopic; urgency=medium
* Release to stage
chromium-browser (35.0.1916.153-0ubuntu1) UNRELEASED; urgency=low
* debian/patches/display-scaling-default-value: Make default scale 1:1
when no gsettings information is available. (LP: #1302155)
* debian/patches/title-bar-default-system.patch-v34: Make window
title-bar frame default to system-provided instead of custom. Again.
* debian/patches/fix-gyp-space-in-object-filename-exception.patch: Make
is deprecated, and not well supported, but we still need it.
* debian/chromium-browser.sh.in, debian/chromium-browser.dirs: Speed up
chromium startup by avoiding execution of unnecessary programs for real
this time, and also, add a place in /etc for other packages to hook into
chromium safely.
* debian/chromium-browser-customization-example,
debian/chromium-browser.sh.in: Add support for better customization of
chromium by other packages. Files in /etc/chromium-browser/customizations/
are sourced at startup time.
* debian/patches/notifications-nicer: Make buggy background-mode processes
off by default.
* 7-npapi-permission-not-defaults-to-unauthorized.patch: Fix misapplication.
Put inside linux test, not chromeos test.
* Upstream release 35.0.1916.153.
* Upstream release 34.0.1847.137:
- CVE-2014-1740: Use-after-free in WebSockets.
- CVE-2014-1741: Integer overflow in DOM ranges.
- CVE-2014-1742: Use-after-free in editing.
* Upstream release 35.0.1916.114:
- CVE-2014-1743: Use-after-free in styles.
- CVE-2014-1744: Integer overflow in audio.
- CVE-2014-1745: Use-after-free in SVG.
- CVE-2014-1746: Out-of-bounds read in media filters.
- CVE-2014-1747: UXSS with local MHTML file.
- CVE-2014-1748: UI spoofing with scrollbar.
- CVE-2014-1749: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.
* debian/rules: Re-enable SSE for x86.
* debian/control: Add build-dep on libkrb5-dev.
* debian/patches/gyp-make-generator-reenabled.
* Reenable webapps patches 3,5,6,7.
* Remove old, unnecessary files, debian/cdbs, debian/cdbs/scons.mk,
debian/cdbs/tarball.mk, debian/enable-dist-patches.pl,
debian/keep-alive.sh
* Remove OS condition in webapps desktop integration patches. We know
the OS.
chromium-browser (34.0.1847.116-0ubuntu2) trusty; urgency=medium
* Don't recommend pepperflashplugin-nonfree, which is in multiverse. (LP:
#1307606)
chromium-browser (34.0.1847.116-0ubuntu1) trusty; urgency=low
* New upstream release 34.0.1847.116:
- CVE-2014-1716: UXSS in V8.
- CVE-2014-1717: OOB access in V8.
- CVE-2014-1718: Integer overflow in compositor.
- CVE-2014-1719: Use-after-free in web workers.
- CVE-2014-1720: Use-after-free in DOM.
- CVE-2014-1721: Memory corruption in V8.
- CVE-2014-1722: Use-after-free in rendering.
- CVE-2014-1723: Url confusion with RTL characters.
- CVE-2014-1724: Use-after-free in speech.
- CVE-2014-1725: OOB read with window property.
- CVE-2014-1726: Local cross-origin bypass.
- CVE-2014-1727: Use-after-free in forms.
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
3.24.35.22.
+ Now ignores "autocomplete=off" in web forms. (LP: #1294325)
* debian/rules: Enable high-DPI. Enable touch support. These require
using Aura toolkit.
* debian/patches/gsettings-display-scaling: Get scaling factor from
gsettings.
* debian/patches/touch: Enable touch on XInput2 slave pointer touch devices.
* debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
matching our version, then use version dir as the new lib dir. This
is an attempto to mitigate version upgrade hangs.
* debian/chromium-browser.sh.in: Add a command line parameter to diasble
pinch gestures.
* debian/patches/display-scaling-default-value: Set default scaling to 1
on hardware, because hardware often lies, but should be recoverable at 1:1.
* debian/patches/display-scaling-report-hardware-info: Log hardware reports.
* debian/rules: Emit messages on a timer to prevent dumb build-bots from
killing long, silent linker stages.
* debian/control: Add libexif-dev, libgcrypt-dev to build-deps.
* debian/control: Drop Recommend x11-xserver-utils, x11-utils .
* debian/control: Add libexif-dev to build-deps.
* debian/apport/chromium-browser.py: Convert encoded bytes to str before
splitting. Converting these to str at all is wrong, though.
* debian/patches/flash-redirection: Redirect Flash installation through
Ubuntu wiki for better user experience.
* debian/patches/clipboard: Backport a few bug fixes.
* debian/patches/title-bar-default-system.patch-v34: Temporarily disable
system menu default to avoid window initial placement that doesn't take
into consideration the title bar.
-- Chad MILLER <email address hidden> Mon, 14 Jul 2014 14:01:49 -0400
-
chromium-browser (34.0.1847.116-0ubuntu2) trusty; urgency=medium
* Don't recommend pepperflashplugin-nonfree, which is in multiverse. (LP:
#1307606)
-- Iain Lane <email address hidden> Mon, 14 Apr 2014 17:43:53 +0100
