Update to the current 1.36 stable version

Bug #1974428 reported by Sebastien Bacher
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Fix Released
High
Unassigned
Jammy
Fix Released
Undecided
Unassigned

Bug Description

* Impact

It's a stable update from upstream, the changes are listed in the NEWS
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/nm-1-36/NEWS

* Test Case

Since it's an update with several fixes the testing should focus on a specific point but rather by validating that the testplan is green, https://wiki.ubuntu.com/NetworkManager/DistroTesting

* Regression potential

There are fixes around IPv6 handling, VPN connections and the hotspot feature, verify that those configurations are still working as expected.

Revision history for this message
Sebastien Bacher (seb128) wrote :
Changed in network-manager (Ubuntu):
importance: Undecided → High
status: New → Fix Released
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Sebastien, or anyone else affected,

Accepted network-manager into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network-manager/1.36.6-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in network-manager (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed verification-needed-jammy
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (network-manager/1.36.6-0ubuntu1)

All autopkgtests for the newly accepted network-manager (1.36.6-0ubuntu1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

network-manager/1.36.6-0ubuntu1 (arm64)
systemd/249.11-0ubuntu3.1 (ppc64el, arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#network-manager

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Sebastien Bacher (seb128) wrote :

The autopkgtest listed before worked on a retry

Revision history for this message
Sebastien Bacher (seb128) wrote :

1.36.6-0ubuntu1 is working as expected testing wifi, VPN, hotspot and standard desktop options. The autopkgtests showed no problem and we didn't get report of new problems.

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for network-manager has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 1.36.6-0ubuntu1

---------------
network-manager (1.36.6-0ubuntu1) jammy; urgency=medium

  * New stable version (lp: #1974428)
  * debian/gbp.conf:
    - updated the packaging vcs serie
  * d/p/supplicant-add-BIP-interface-capability.patch,
    d/p/supplicant-enable-WPA3-transition-mode-only-when-interfac.patch:
    - remove, included in the new version

 -- Sebastien Bacher <email address hidden> Fri, 20 May 2022 13:08:51 +0200

Changed in network-manager (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Kevin (the7thstranger) wrote :

All of a sudden SLAAC addresses are preferred over DHCPv6 addresses, which should not be happening. Setting ip6.privacy=0 no longer helps, nor does setting net.ipv6.conf.all.use_tempaddr = 0 with sysctl.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Do you mean after this update? Could you do a new report and include details on the step to trigger the issue?

Revision history for this message
Kevin (the7thstranger) wrote :
Revision history for this message
Kevin (the7thstranger) wrote (last edit ):

@seb128 I have created a new bug report with links to the upstream commits. The core of the issue is that IPv6 addresses are now being added in the wrong order, so the kernel prefers SLAAC addresses over DHCPv6 addresses, which should be the other way around.

As this is a breaking change in IPv6 source address selection in an LTS release, I think the impact is severe. In my opinion, this update should never have reached stable, especially because this bug is known upstream and fixed in a later version. So this update introduced a known-broken release.

I'm already quite stressed how this will turn out at work after the weekend. We use source-based ACL's on all of our firewalls, giving static DHCPv6 leases to our client devices. Now all of a sudden those addresses are no longer being used for outgoing traffic, but instead the non-controllable SLAAC-addresses are. This will lock everyone out of all servers.

The only way to get the proper addresses to be preferred again seems to be to disable SLAAC on the router, because any local setting in NetworkManager no longer works. I can disable SLAAC without issues at home, because everything is 100% Ubuntu and Debian there. But in environments with other OS'es that don't support DHCPv6 (like Android), disabling SLAAC will break IPv6 on all such devices. Moreover, not everybody controls their own routers, so this really isn't much of a solution.

Other options would be to downgrade and apt-mark hold network-manager on all Ubuntu 22.04 devices, or to completely change server firewall infrastructure by whitelisting prefixes. As you can see, none of these options sound appealing.

So regarding the regression potential: it has severely regressed IPv6 handling, fundamentally changed IPv6 routing behaviour of a stable distribution, and definitely *not* fixed things.

Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS and 22.04 LTS - prior to this update - all preferred DHCPv6 addresses over SLAAC addresses unless "prefer temporary address" / ip6.privacy=2 was set. Debian sid - with a newer NetworkManager - also prefers DHCPv6 addresses over SLAAC addresses, and therefore Ubuntu kinetic will probably also do so, as this was fixed upstream in 1.38.0. It's just NetworkManager 1.36.6 that's broken, causing 22.04 LTS to now behave completely different from all other Ubuntu releases.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks, the new ticket is bug #1977619 and is being discussed upstream now

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.