See https://www.openwall.com/lists/oss-security/2024/01/30/7
A non-transitive comparison (that is, one where you might see A > B and B > C, but A <= C) can also make the sort disordered, which might have other bad effects. A common cause is return a - b; where a and b are the size of an int or bigger and could overflow.
There are several patches that will reference this bug.
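The non-transitive case described in the report, as an added example that is not taken from the Samba patches: a subtracting comparator over 64-bit values beside an overflow-free one, with a check over every triple of a small sample. The function names and sample values are constructed for illustration, and the wrap-around of the narrowed result assumes gcc or clang behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values: their differences do not fit in a 32-bit int. */
static const int64_t SAMPLES[] = {
    0, INT64_C(0x80000000), INT64_C(0x100000000), INT64_C(0xC0000000)
};
#define N_SAMPLES (sizeof(SAMPLES) / sizeof(SAMPLES[0]))

typedef int (*cmp_fn)(const void *, const void *);

/* The pattern from the report. The cast is the same narrowing a bare
 * "return a - b;" performs: high bits are dropped, so the result can
 * become zero or change sign. */
static int cmp_subtract(const void *p, const void *q)
{
    int64_t a = *(const int64_t *)p, b = *(const int64_t *)q;
    return (int)(a - b);
}

/* Overflow-free form: two comparisons, result is always -1, 0 or 1. */
static int cmp_safe(const void *p, const void *q)
{
    int64_t a = *(const int64_t *)p, b = *(const int64_t *)q;
    return (a > b) - (a < b);
}

/* Count triples (x, y, z) where cmp reports x < y and y < z but not x < z. */
static size_t count_transitivity_violations(cmp_fn cmp)
{
    size_t bad = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        for (size_t j = 0; j < N_SAMPLES; j++)
            for (size_t k = 0; k < N_SAMPLES; k++)
                if (cmp(&SAMPLES[i], &SAMPLES[j]) < 0 &&
                    cmp(&SAMPLES[j], &SAMPLES[k]) < 0 &&
                    cmp(&SAMPLES[i], &SAMPLES[k]) >= 0)
                    bad++;
    return bad;
}

int main(void)
{
    printf("subtracting comparator: %zu violations\n",
           count_transitivity_violations(cmp_subtract));
    printf("safe comparator:        %zu violations\n",
           count_transitivity_violations(cmp_safe));
    return 0;
}
```

A comparator that fails this check breaks the ordering contract qsort() relies on, so the order of the sorted output is no longer guaranteed.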
This bug was referenced in samba master.
This bug was referenced in samba master.
This bug was referenced in samba master: af7654331fb6a2d9cc41cf5bdffa74c81ff4ffee 5335f122fb551231a02a58f88f6a0aa23b5e02cb 827b0c39ed0497407bfcfc5683735a165b1b0f0a f81b7c7eb206a447d799a25cc2da26304dc7567a e2051eebd492a419f840280336eb242d0b4a26ac
Created attachment 18297
patches for 4.20.
Created attachment 18298
patches for 4.19
Created attachment 18299
backport to 4.17 in case anyone wants it
Comment on attachment 18297
patches for 4.20.
CI for 4.20 passed https://gitlab.com/samba-team/devel/samba/-/pipelines/1282592514