Update to the current 1.36 stable version

https://launchpad.net/ubuntu/+source/network-manager/1.38.0-1ubuntu2 for kinetic

Hello Sebastien, or anyone else affected,

Accepted network-manager into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network-manager/1.36.6-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted network-manager (1.36.6-0ubuntu1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

network-manager/1.36.6-0ubuntu1 (arm64)
systemd/249.11-0ubuntu3.1 (ppc64el, arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#network-manager

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

The autopkgtest listed before worked on a retry

1.36.6-0ubuntu1 is working as expected testing wifi, VPN, hotspot and standard desktop options. The autopkgtests showed no problem and we didn't get report of new problems.

The verification of the Stable Release Update for network-manager has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package network-manager - 1.36.6-0ubuntu1

---------------
network-manager (1.36.6-0ubuntu1) jammy; urgency=medium

  * New stable version (lp: #1974428)
  * debian/gbp.conf:
    - updated the packaging vcs serie
  * d/p/supplicant-add-BIP-interface-capability.patch,
    d/p/supplicant-enable-WPA3-transition-mode-only-when-interfac.patch:
    - remove, included in the new version

 -- Sebastien Bacher <email address hidden> Fri, 20 May 2022 13:08:51 +0200

All of a sudden SLAAC addresses are preferred over DHCPv6 addresses, which should not be happening. Setting ip6.privacy=0 no longer helps, nor does setting net.ipv6.conf.all.use_tempaddr = 0 with sysctl.

Do you mean after this update? Could you do a new report and include details on the step to trigger the issue?

https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1977619

@seb128 I have created a new bug report with links to the upstream commits. The core of the issue is that IPv6 addresses are now being added in the wrong order, so the kernel prefers SLAAC addresses over DHCPv6 addresses, which should be the other way around.

As this is a breaking change in IPv6 source address selection in an LTS release, I think the impact is severe. In my opinion, this update should never have reached stable, especially because this bug is known upstream and fixed in a later version. So this update introduced a known-broken release.

I'm already quite stressed how this will turn out at work after the weekend. We use source-based ACL's on all of our firewalls, giving static DHCPv6 leases to our client devices. Now all of a sudden those addresses are no longer being used for outgoing traffic, but instead the non-controllable SLAAC-addresses are. This will lock everyone out of all servers.

The only way to get the proper addresses to be preferred again seems to be to disable SLAAC on the router, because any local setting in NetworkManager no longer works. I can disable SLAAC without issues at home, because everything is 100% Ubuntu and Debian there. But in environments with other OS'es that don't support DHCPv6 (like Android), disabling SLAAC will break IPv6 on all such devices. Moreover, not everybody controls their own routers, so this really isn't much of a solution.

Other options would be to downgrade and apt-mark hold network-manager on all Ubuntu 22.04 devices, or to completely change server firewall infrastructure by whitelisting prefixes. As you can see, none of these options sound appealing.

So regarding the regression potential: it has severely regressed IPv6 handling, fundamentally changed IPv6 routing behaviour of a stable distribution, and definitely *not* fixed things.

Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS and 22.04 LTS - prior to this update - all preferred DHCPv6 addresses over SLAAC addresses unless "prefer temporary address" / ip6.privacy=2 was set. Debian sid - with a newer NetworkManager - also prefers DHCPv6 addresses over SLAAC addresses, and therefore Ubuntu kinetic will probably also do so, as this was fixed upstream in 1.38.0. It's just NetworkManager 1.36.6 that's broken, causing 22.04 LTS to now behave completely different from all other Ubuntu releases.

Thanks, the new ticket is bug #1977619 and is being discussed upstream now