Closed Bug 1846117 Opened 1 year ago Closed 1 year ago

Checksum for downloaded lxml packages is different compared to Chrome

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Version:
Firefox 115
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1470011
Tracking Flags:
Tracking Status
firefox116 --- affected
firefox117 --- affected
firefox118 --- affected

People

(Reporter: 20001722, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Android 11; Mobile; rv:109.0) Gecko/115.0 Firefox/115.0

Steps to reproduce:

  1. Downloads lxml package from https://lxml.de/files/ using Firefox and Chrome.
  2. Calculate the checksum of the downloaded file.

Actual results:

7d86910afa4bda9c3579428a5e26667e5d3dfab6302b9a16d6e6448557c31ef4 lxml-4.9.2.tgz (Downloaded using Firefox)

2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67 lxml-4.9.2(1).tgz
(Downloaded using Chrome)

Expected results:

2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67 lxml-4.9.2.tgz (Downloaded using Firefox)

2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67 lxml-4.9.2(1).tgz
(Downloaded using Chrome)

Correction of User-Agent

Incorrect: Mozilla/5.0 (Android 11; Mobile; rv:109.0) Gecko/115.0 Firefox/115.0
Correct: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0 ) Gecko/20100101 Firefox/115.0

The Bugbug bot thinks this bug should belong to the 'Firefox::Downloads Panel' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Downloads Panel

Hello, thank you for the bug report!
Managed to reproduce on:

  • Nightly 118.0a1;
  • Beta 117.0b1;
  • Firefox 116.0;

Tested and reproduced on:

  • Ubuntu 22;

STR I used:

  1. Launch Firefox.
  2. Go to https://lxml.de/files/ .
  3. Initiate a download - I downloaded the lxml-4.9.2.tgz, same as the reporter.
  4. Go to the file location directory[eg. Downloads].
  5. Open the folder in a terminal window.
  6. Type sha256sum [filename] and press enter to apply the command.
  7. Observe the result.

Setting as NEW so the developing team can have a look.

Status: UNCONFIRMED → NEW
status-firefox116: --- → affected
status-firefox117: --- → affected
status-firefox118: --- → affected
Ever confirmed: true

This is because the server sends content-encoding: gzip and content-type: application/octet-stream. Firefox then un-gzips because the server indicates it just encoded the content as gzip (rather than saying "here's a tar.gz file, don't touch it"). Chrome leaves the content as-is. This is an issue that comes up every now and then, but AIUI Firefox is doing what the server suggests...

If you download the same tar.gz file from pypi, the issue doesn't happen, because the pypi server sends the correct headers.

Component: Downloads Panel → Networking: HTTP
Keywords: dupeme
Product: Firefox → Core
See Also: → 610679, 1470011
See Also: → 406948, 424306
See Also: → 1755324
Status: NEW → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1470011
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.