nss-resolve: fix the ip addr family validity check method

`i` only counts the number of matches with the current family,
while `n_addresses` counts the number of matches with the family INET or INET6.
If the address contains both INET and INET6, `assert(i == n_addresses)` will fail.

man/capsule@.service.xml

@@ -83,7 +83,7 @@
 
     <para>Capsule names may be chosen freely by the user, however, they must be suitable as UNIX filenames
     (i.e. 255 characters max, and contain no <literal>/</literal>), and when prefixed with
-    <literal>p-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
+    <literal>c-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
     url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink> for details.</para>
 
     <xi:include href="version-info.xml" xpointer="v256"/>

src/nss-resolve/nss-resolve.c

@@ -418,7 +418,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
                 if (r < 0)
                         goto fail;
 
-                if (!IN_SET(q.family, AF_INET, AF_INET6))
+                if (q.family != af)
                         continue;
 
                 if (q.address_size != FAMILY_ADDRESS_SIZE(q.family)) {

src/shared/bus-print-properties.c

@@ -16,6 +16,14 @@
 #include "strv.h"
 #include "time-util.h"
 
+bool bus_property_is_timestamp(const char *name) {
+        assert(name);
+
+        /* Trust me, this naming convention is ironclad. Except for these three. Okay four. Well... */
+        return endswith(name, "Timestamp") ||
+                        STR_IN_SET(name, "NextElapseUSecRealtime", "LastTriggerUSec", "TimeUSec", "RTCTimeUSec");
+}
+
 int bus_print_property_value(const char *name, const char *expected_value, BusPrintPropertyFlags flags, const char *value) {
         assert(name);
 
@@ -104,12 +112,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
                 if (r < 0)
                         return r;
 
-                /* Yes, heuristics! But we can change this check
+                if (bus_property_is_timestamp(name))
-                 * should it turn out to not be sufficient */
-
-                if (endswith(name, "Timestamp") ||
-                    STR_IN_SET(name, "NextElapseUSecRealtime", "LastTriggerUSec", "TimeUSec", "RTCTimeUSec"))
-
                         bus_print_property_value(name, expected_value, flags, FORMAT_TIMESTAMP(u));
 
                 /* Managed OOM pressure default implies "unset" and use the default set in oomd.conf. Without

src/shared/bus-print-properties.h

@@ -10,6 +10,8 @@ typedef enum BusPrintPropertyFlags {
 
 typedef int (*bus_message_print_t) (const char *name, const char *expected_value, sd_bus_message *m, BusPrintPropertyFlags flags);
 
+bool bus_property_is_timestamp(const char *name);
+
 int bus_print_property_value(const char *name, const char *expected_value, BusPrintPropertyFlags flags, const char *value);
 int bus_print_property_valuef(const char *name, const char *expected_value, BusPrintPropertyFlags flags, const char *fmt, ...) _printf_(4,5);
 int bus_message_print_all_properties(sd_bus_message *m, bus_message_print_t func, char **filter, BusPrintPropertyFlags flags, Set **found_properties);

src/systemctl/systemctl-show.c

@@ -1215,7 +1215,7 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m
                 break;
 
         case SD_BUS_TYPE_UINT64:
-                if (endswith(name, "Timestamp")) {
+                if (bus_property_is_timestamp(name)) {
                         uint64_t timestamp;
 
                         r = sd_bus_message_read_basic(m, bus_type, &timestamp);

test/test-network/systemd-networkd-tests.py

@@ -81,10 +81,10 @@ valgrind_cmd = ''
 enable_debug = True
 env = {}
 wait_online_env = {}
-asan_options = None
+asan_options = os.getenv('ASAN_OPTIONS')
-lsan_options = None
+lsan_options = os.getenv('LSAN_OPTIONS')
-ubsan_options = None
+ubsan_options = os.getenv('UBSAN_OPTIONS')
-with_coverage = False
+with_coverage = os.getenv('COVERAGE_BUILD_DIR') != None
 show_journal = True # When true, show journal on stopping networkd.
 
 active_units = []
@@ -487,7 +487,19 @@ def create_service_dropin(service, command, additional_settings=None):
     if ubsan_options:
         drop_in += [f'Environment=UBSAN_OPTIONS="{ubsan_options}"']
     if asan_options or lsan_options or ubsan_options:
-        drop_in += ['SystemCallFilter=']
+        # Disable system call filter when running with sanitizers, as they seem to call filtered syscall at
+        # the very end of the execution and stuck the process. See issue #39567.
+        drop_in += [
+            'LockPersonality=no',
+            'ProtectClock=no',
+            'ProtectKernelLogs=no',
+            'RestrictAddressFamilies=',
+            'RestrictNamespaces=no',
+            'RestrictRealtime=no',
+            'RestrictSUIDSGID=no',
+            'SystemCallArchitectures=',
+            'SystemCallFilter=',
+        ]
     if use_valgrind or asan_options or lsan_options or ubsan_options:
         drop_in += ['MemoryDenyWriteExecute=no']
     if use_valgrind:

test/units/TEST-07-PID1.socket-defer.sh

@@ -72,7 +72,7 @@ assert_eq "$(systemctl show "$UNIT_NAME.socket" -P SubState)" "listening"
 
 socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
 wait_for_start
-kill %%
+wait %%
 
 touch "/tmp/$UNIT_NAME/flag"
 systemctl start "$UNIT_NAME-conflict2.service"
@@ -80,7 +80,7 @@ wait_for_stop
 
 socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
 wait_for_start
-kill %%
+wait %%
 (! systemctl -q is-active "$UNIT_NAME-conflict2.service")
 
 # DeferTrigger=yes
@@ -99,7 +99,7 @@ assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
 socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
 timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
 (! systemctl -q is-active "$UNIT_NAME.service")
-kill %%
+wait %%
 assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
 
 systemctl daemon-reload
@@ -122,7 +122,7 @@ wait_for_stop
 socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
 timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
 (! systemctl -q is-active "$UNIT_NAME.service")
-kill %%
+wait %%
 
 rm "/tmp/$UNIT_NAME/flag"
 timeout 30 bash -c "while systemctl -q is-active '$UNIT_NAME-conflict2.service'; do sleep .2; done"
@@ -138,7 +138,7 @@ assert_eq "$(systemctl show "$UNIT_NAME-conflict1.service" -P SubState)" "start"
 socat -u - UNIX-CONNECT:"/tmp/$UNIT_NAME/test" &
 timeout 30 bash -c "until [[ \$(systemctl show '$UNIT_NAME.socket' -P SubState) == 'deferred' ]]; do sleep .5; done"
 (! systemctl -q is-active "$UNIT_NAME.service")
-kill %%
+wait %%
 
 echo "DeferTriggerMaxSec=20s" >>/run/systemd/system/"$UNIT_NAME.socket"
 systemctl daemon-reload

test/units/TEST-13-NSPAWN.machined.sh

@@ -48,6 +48,7 @@ trap 'touch /terminate; kill 0' RTMIN+3
 trap 'touch /poweroff' RTMIN+4
 trap 'touch /reboot' INT
 trap 'touch /trap' TRAP
+trap 'exit 0' TERM
 trap 'kill $PID' EXIT
 
 # We need to wait for the sleep process asynchronously in order to allow
@@ -325,6 +326,7 @@ ip address add 192.0.2.1/24 dev hoge
 PID=0
 
 trap 'kill 0' RTMIN+3
+trap 'exit 0' TERM
 trap 'kill $PID' EXIT
 
 # We need to wait for the sleep process asynchronously in order to allow
@@ -439,9 +441,14 @@ varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.OpenR
 
 # Terminating machine, otherwise acquiring image metadata by io.systemd.MachineImage.List may fail in the below.
 machinectl terminate long-running
-# wait for the container being stopped, otherwise acquiring image metadata by io.systemd.MachineImage.List may fail in the below.
+# Wait for the container to stop, otherwise acquiring image metadata by io.systemd.MachineImage.List below
-timeout 30 bash -c "while machinectl status long-running &>/dev/null; do sleep .5; done"
+# may fail.
-systemctl kill --signal=KILL systemd-nspawn@long-running.service || :
+#
+# We need to wait until the systemd-nspawn process is completely stopped, as the lock is held for almost the
+# entire life of the process (see the run() function in nspawn.c). This means that the machine gets
+# unregistered _before_ this lock is lifted which makes `machinectl status` return non-zero EC earlier than
+# we need.
+timeout 30 bash -xec 'until [[ "$(systemctl show -P ActiveState systemd-nspawn@long-running.service)" == inactive ]]; do sleep .5; done'
 
 # test io.systemd.MachineImage.List
 varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep 'long-running'

test/units/TEST-26-SYSTEMCTL.sh

@@ -287,6 +287,59 @@ for value in pretty us µs utc us+utc µs+utc; do
     systemctl show -P KernelTimestamp --timestamp="$value"
 done
 
+# --timestamp with timer properties (issue #39282)
+TIMER1="timestamp-test1-$RANDOM.timer"
+SERVICE1="${TIMER1%.timer}.service"
+cat >"/run/systemd/system/$SERVICE1" <<EOF
+[Service]
+Type=oneshot
+ExecStart=true
+EOF
+
+cat >"/run/systemd/system/$TIMER1" <<EOF
+[Timer]
+OnCalendar=*-*-* 00:00:00
+EOF
+
+systemctl daemon-reload
+systemctl start "$TIMER1"
+
+output=$(systemctl show -P NextElapseUSecRealtime --timestamp=unix "$TIMER1")
+if [[ ! "$output" =~ ^@[0-9]+$ ]]; then
+    echo "NextElapseUSecRealtime: expected @<number> with --timestamp=unix, got: $output" >&2
+    exit 1
+fi
+
+systemctl stop "$TIMER1"
+rm -f "/run/systemd/system/$TIMER1" "/run/systemd/system/$SERVICE1"
+
+TIMER2="timestamp-test2-$RANDOM.timer"
+SERVICE2="${TIMER2%.timer}.service"
+cat >"/run/systemd/system/$SERVICE2" <<EOF
+[Service]
+Type=oneshot
+ExecStart=true
+EOF
+
+cat >"/run/systemd/system/$TIMER2" <<EOF
+[Timer]
+OnActiveSec=100ms
+EOF
+
+systemctl daemon-reload
+systemctl start "$TIMER2"
+sleep 0.5
+
+output=$(systemctl show -P LastTriggerUSec --timestamp=unix "$TIMER2")
+if [[ ! "$output" =~ ^@[0-9]+$ ]]; then
+    echo "LastTriggerUSec: expected @<number> with --timestamp=unix, got: $output" >&2
+    exit 1
+fi
+
+systemctl stop "$TIMER2"
+rm -f "/run/systemd/system/$TIMER2" "/run/systemd/system/$SERVICE2"
+systemctl daemon-reload
+
 # set-default/get-default
 test_get_set_default() {
     target="$(systemctl get-default "$@")"