Package Details: freedownloadmanager 6.26.1.6177-2

Git Clone URL: https://aur.archlinux.org/freedownloadmanager.git (read-only, click to copy)
Package Base: freedownloadmanager
Description: FDM is a powerful modern download accelerator and organizer.
Upstream URL: https://www.freedownloadmanager.org/
Keywords: fdm freedownloadmanager
Licenses: Freeware
Submitter: rizwan486
Maintainer: rizwan486
Last Packager: rizwan486
Votes: 39
Popularity: 0.87
First Submitted: 2020-01-21 11:41 (UTC)
Last Updated: 2025-04-09 05:09 (UTC)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 .. 12 Next › Last »

brijesh commented on 2024-02-11 11:56 (UTC)

sed -i 's/\/opt\/freedownloadmanager\/icon.png/freedownloadmanager/g' \ './usr/share/applications/freedownloadmanager.desktop'

In this line, it loads unknown icon path. By removing this line, it actually load the correct icon path

EgidioCaprino commented on 2023-12-24 09:25 (UTC)

Hi and thank you for maintaining this package ❤️

The latest build does not pass the validity check

==> Validating source files with sha256sums...
    freedownloadmanager.deb ... FAILED
==> ERROR: One or more files did not pass the validity check!

gnomewaylandibus commented on 2023-11-22 03:57 (UTC)

Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway. QApplication: invalid style override passed, ignoring it. Available styles: Windows, Fusion Using Wayland-EGL Using the 'xdg-shell' shell integration qt.qpa.wayland: Wayland does not support QWindow::requestActivate() fish: Job 1, 'fdm --debug' terminated by signal SIGSEGV (Address boundary error)

doctorzeus commented on 2023-09-14 10:37 (UTC) (edited on 2023-09-14 10:54 (UTC) by doctorzeus)

@Shamshiel Thanks for those

Cloned the git repo and ran:

$ for commit in $(git log --format=%H); do git checkout $commit -- PKGBUILD; cat PKGBUILD | grep sum; done

Unless there was a checksum from an old update from the malicious package seems luckily the checksum is fineL

dca98d8641043b35b9aa22ba7b864f23dc1b4dd0361055941f96752bc91d5d6c, a937363c821f5be62e4806fccf75697f66d3761ba6a195ce013b01506d846136, a937363c821f5be62e4806fccf75697f66d3761ba6a195ce013b01506d846136, a937363c821f5be62e4806fccf75697f66d3761ba6a195ce013b01506d846136, 43249ff430b24625d319dcf566fbda37c2bd078201c6aa39357dbe048c04e3e3, 24c0406298d11e1b66b00bbec4d427915a61794ab7b3216c8af6575e20d5356a, 055d8bf0e9a697dd9d5f3a6177c3ec6f2b99769b52b052bf7ce442f4eb0863ad, 055d8bf0e9a697dd9d5f3a6177c3ec6f2b99769b52b052bf7ce442f4eb0863ad, 0cd81531fe3927e61e8c9f5da7b8f95900ada2e71240281280614af19815a92f, 0cd81531fe3927e61e8c9f5da7b8f95900ada2e71240281280614af19815a92f, c15593e28ecc4ae79eda3b1db7509e59e94cff6e214d356296470af69ad6797c, 85ad2f00c72b28519e03a003708ea8bcd58c28293018e15c54bf2e5380a72fb0, ca0ac5a1a8586f51714b31db5b41dee9a0cbf4c23a2dd76b8c39297d2a0f15fb, 964c5ffbd55ca8738772fd89c2a676c099c53c0b446a43126a20b4814d5cdebe4a2bbbfdd6f2af713d21a7cbb47fe6e575f39d307f5b09510ab408679b040b05, 128c4f122537852eac7b1e0091346486, 8db0504e6c1cf7f6a5be87a1909731d4d7b5038ef34aa97015498b0cd4872606, 6142ccd59e3cc955f6264aa3b517cd0df4207ab8e283ad79f2d59720099744df, 46a482f66e9e70d3ae2c93b3543d2bf30976a991fff5e92c525d06a2e8292565, 3889cfc2735e86ad226090fbdfe37d88e47aaa0effc682a46d72b1b093a60352, 3565df5dfe376d3da09c2f540193f25aabbce236e638f630e0dc553f0e53d706, 87ac79b5cfdf1e733225a8ac3bb69025a8f83af85327a4b3c20b368bb93d6a33, 2e8e074d866d795e268ae1e853337517612265446f1e4441c0f555539c451b68, 460c3354d5fda7c07e936da4b282ac1a1a2cd5145207d425572a506cf8bece91, ba90bad2823ac93ba38813ffc8b3e13b2a4c343606ec49d712e0f36d79491e91, 217b7bf3f20ddac9f85fdcac4a638767, 6be2df7ca0ed6a25fd2ce864394afc28, 8d2696f79480eb70770171921c2c4ab5, 8d2696f79480eb70770171921c2c4ab5, 4b2d436de0634f430669773b91c278a6, 78b6f3ab81d39eb06cb7f0cfe8924c66, de72a96c687cde45104bde4136c26496, 68771720738bc9c1a17be51403a7ad18, 68771720738bc9c1a17be51403a7ad18, 0cb37e0092406af6c0c9dc801119df3e, 005d92398605a0b120c25bc569a4fcb9, 07e555ba6a8621ffe38cabbd033597dc, ef1a2ffc8387e57184345f1d0e2396c8, 98f74fd9abc3471b05c4c93e2fd1f78f, 98f74fd9abc3471b05c4c93e2fd1f78f

Shamshiel commented on 2023-09-14 09:48 (UTC) (edited on 2023-09-14 09:49 (UTC) by Shamshiel)

The malicious checksums apparently are the following:

  • b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d (Malicious Debian Package)
  • 2214c7a0256f07ce7b7aab8f61ef9cbaff10a456c8b9f2a97d8f713abd660349 (crond backdoor)
  • 93358bfb6ee0caced889e94cd82f6f417965087203ca9a5fce8dc7f6e1b8a3ea (bs backdoor)
  • d73be6e13732d365412d71791e5eb1096c7bb13d6f7fd533d8c04392ca0b69b5 (atd uploader)

The recent checksum used in this package are:

  • Current: dca98d8641043b35b9aa22ba7b864f23dc1b4dd0361055941f96752bc91d5d6c (for 6.19.1.5263)
  • From 2022-11-13 to 2023-04-14 a937363c821f5be62e4806fccf75697f66d3761ba6a195ce013b01506d846136 (for 6.19.0.5156)

Don't know if there is an easy way to check the last couple of years (especially 2020-2022) if a malicious checksum was ever in this AUR package.

doctorzeus commented on 2023-09-14 08:34 (UTC)

For anyone here who was having checksum errors and decided to change the checksum anyway to install it (bad idea for future reference, always verify with the package maintainer/owner): I highly recommend you check you haven't now installed the malicious version (as described here: https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/).

These files are the giveaway apparently: /etc/cron.d/collect /var/tmp/crond /var/tmp/bs

I don't have the checksum for the malicious version but @rizwan486 you might want to check on this one in case this was at any point pushed as part of the pkgbuild..

Shamshiel commented on 2023-09-13 08:08 (UTC)

It seems that FDM has/had some malware problems on Linux. Was/Is this AUR package also impacted by it?

bonob commented on 2023-09-12 23:21 (UTC)

https://securelist.com/backdoored-free-download-manager-linux-malware/110465/

I imagine the sha256sum would have prevented the malicious version to be processed by the PKGBUILD. But certainly the trustworthiness of the source is dubious.

rizwan486 commented on 2023-05-20 19:21 (UTC)

@rainbowbrolly I just upgraded it. Now it will work.

« First ‹ Previous 1 2 3 4 5 6 7 8 9 .. 12 Next › Last »