Package Details: freedownloadmanager 6.24.2.5857-1

Git Clone URL: https://aur.archlinux.org/freedownloadmanager.git (read-only)
Package Base: freedownloadmanager
Description: FDM is a powerful modern download accelerator and organizer.
Upstream URL: https://www.freedownloadmanager.org/
Keywords: fdm freedownloadmanager
Licenses: Freeware
Submitter: rizwan486
Maintainer: rizwan486
Last Packager: rizwan486
Votes: 36
Popularity: 0.46
First Submitted: 2020-01-21 11:41 (UTC)
Last Updated: 2024-12-20 08:11 (UTC)

Latest Comments


RAMChYLD commented on 2024-03-16 03:32 (UTC) (edited on 2024-03-16 03:33 (UTC) by RAMChYLD)

Also having issues with the sha256sum. I think the problem here is that the developers of FDM update the package with a newer version but do not put the package version in the package filename, and instead override it with a new version of the package (this is bad practice). This creates problems when the package is updated and the sha256sum changes. There are ways to make makepkg ignore the checksum, but unless you are building from git this is not recommended, especially given the software's history mentioned below.

brijesh commented on 2024-02-11 11:56 (UTC)

sed -i 's/\/opt\/freedownloadmanager\/icon.png/freedownloadmanager/g' \
    './usr/share/applications/freedownloadmanager.desktop'

In this line, it loads an unknown icon path. By removing this line, it actually loads the correct icon path.

EgidioCaprino commented on 2023-12-24 09:25 (UTC)

Hi and thank you for maintaining this package ❤️

The latest build does not pass the validity check

==> Validating source files with sha256sums...
    freedownloadmanager.deb ... FAILED
==> ERROR: One or more files did not pass the validity check!

gnomewaylandibus commented on 2023-11-22 03:57 (UTC)

Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
QApplication: invalid style override passed, ignoring it.
    Available styles: Windows, Fusion
Using Wayland-EGL
Using the 'xdg-shell' shell integration
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
fish: Job 1, 'fdm --debug' terminated by signal SIGSEGV (Address boundary error)

doctorzeus commented on 2023-09-14 10:37 (UTC) (edited on 2023-09-14 10:54 (UTC) by doctorzeus)

@Shamshiel Thanks for those

Cloned the git repo and ran:

$ for commit in $(git log --format=%H); do git checkout $commit -- PKGBUILD; cat PKGBUILD | grep sum; done

Unless there was a checksum from an old update from the malicious package, it seems luckily the checksum is fine.


Shamshiel commented on 2023-09-14 09:48 (UTC) (edited on 2023-09-14 09:49 (UTC) by Shamshiel)

The malicious checksums apparently are the following:

  • b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d (Malicious Debian Package)
  • 2214c7a0256f07ce7b7aab8f61ef9cbaff10a456c8b9f2a97d8f713abd660349 (crond backdoor)
  • 93358bfb6ee0caced889e94cd82f6f417965087203ca9a5fce8dc7f6e1b8a3ea (bs backdoor)
  • d73be6e13732d365412d71791e5eb1096c7bb13d6f7fd533d8c04392ca0b69b5 (atd uploader)

The recent checksums used in this package are:

  • Current: dca98d8641043b35b9aa22ba7b864f23dc1b4dd0361055941f96752bc91d5d6c (for 6.19.1.5263)
  • From 2022-11-13 to 2023-04-14 a937363c821f5be62e4806fccf75697f66d3761ba6a195ce013b01506d846136 (for 6.19.0.5156)

Don't know if there is an easy way to check the last couple of years (especially 2020-2022) if a malicious checksum was ever in this AUR package.
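
One way to run the check asked about above, as an added example that is not part of the original thread or of the AUR package: it reads PKGBUILD and .SRCINFO from every commit with git show (so the working tree is never changed) and reports any commit that recorded one of the four digests listed in this comment. The function names and the script name audit.sh are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the AUR package. The four digests are the
# ones listed in the comment above; function names are made up here.
BAD_SUMS='b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d
2214c7a0256f07ce7b7aab8f61ef9cbaff10a456c8b9f2a97d8f713abd660349
93358bfb6ee0caced889e94cd82f6f417965087203ca9a5fce8dc7f6e1b8a3ea
d73be6e13732d365412d71791e5eb1096c7bb13d6f7fd533d8c04392ca0b69b5'

# Print every hex digest (md5 through sha512 length) found on stdin,
# lower-cased so upper-case digests in old PKGBUILDs still compare equal.
extract_sums() {
    tr 'A-F' 'a-f' | grep -oE '[0-9a-f]{32,128}' | sort -u
}

# Read PKGBUILD/.SRCINFO text on stdin and print the digests that are on
# the bad list. Exit status 0 means at least one match, 1 means none.
match_bad() {
    extract_sums | grep -Fx -e "$BAD_SUMS"
}

# Walk every commit reachable from any ref in the clone at $1 and print
# "<commit> <file> <digest>" for each bad digest ever recorded there.
# git show reads the blob directly, so the working tree is not modified.
audit_history() {
    repo=$1
    for c in $(git -C "$repo" rev-list --all); do
        for f in PKGBUILD .SRCINFO; do
            found=$(git -C "$repo" show "$c:$f" 2>/dev/null | match_bad) || continue
            for d in $found; do
                printf '%s %s %s\n' "$c" "$f" "$d"
            done
        done
    done
}

# Usage: sh audit.sh /path/to/freedownloadmanager-clone
if [ $# -gt 0 ]; then
    audit_history "$1"
fi
```

Empty output means none of the listed digests appears in any commit of the clone. Only the first digest is a package checksum; the other three identify files dropped by the malware and would not normally appear in a PKGBUILD.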

doctorzeus commented on 2023-09-14 08:34 (UTC)

For anyone here who was having checksum errors and decided to change the checksum anyway to install it (bad idea for future reference, always verify with the package maintainer/owner): I highly recommend you check you haven't now installed the malicious version (as described here: https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/).

These files are the giveaway apparently:

  • /etc/cron.d/collect
  • /var/tmp/crond
  • /var/tmp/bs

I don't have the checksum for the malicious version but @rizwan486 you might want to check on this one in case this was at any point pushed as part of the pkgbuild..

Shamshiel commented on 2023-09-13 08:08 (UTC)

It seems that FDM has/had some malware problems on Linux. Was/Is this AUR package also impacted by it?

bonob commented on 2023-09-12 23:21 (UTC)

https://securelist.com/backdoored-free-download-manager-linux-malware/110465/

I imagine the sha256sum would have prevented the malicious version from being processed by the PKGBUILD. But certainly the trustworthiness of the source is dubious.