diff -Nru network-manager-1.2.2/debian/changelog network-manager-1.2.2/debian/changelog
--- network-manager-1.2.2/debian/changelog	2016-08-03 16:00:34.000000000 +0000
+++ network-manager-1.2.2/debian/changelog	2016-09-27 14:29:22.000000000 +0000
@@ -1,3 +1,25 @@
+network-manager (1.2.2-0ubuntu0.16.04.3) xenial; urgency=medium
+
+  * debian/tests/wpa-dhclient: Don't assume that the IPv6 prefix length from
+    the DHCP server is /64. (LP: #1609898)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Tue, 27 Sep 2016 16:29:22 +0200
+
+network-manager (1.2.2-0ubuntu0.16.04.2) xenial; urgency=medium
+
+  [ Martin Pitt ]
+  * Read config and system connections from /run/NetworkManager/ to support
+    netplan (LP: #1627641)
+  * debian/gbp.conf: Set debian-branch to xenial
+
+  [ Mathieu Trudel-Lapierre ]
+  * Add dns-manager-don-t-merge-split-DNS-search-domains.patch: do not add
+    split DNS search domains to resolv.conf; doing so would risk leaking names
+    to non-VPN DNS nameservers when attempting to resolve non- FQDN names.
+    (LP: #1592721)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Tue, 27 Sep 2016 10:33:54 +0200
+
 network-manager (1.2.2-0ubuntu0.16.04.1) xenial; urgency=medium
 
   * Rebase to upstream 1.2.2 release, patches: (LP: #1589557)
diff -Nru network-manager-1.2.2/debian/gbp.conf network-manager-1.2.2/debian/gbp.conf
--- network-manager-1.2.2/debian/gbp.conf	2016-08-03 15:58:26.000000000 +0000
+++ network-manager-1.2.2/debian/gbp.conf	2016-09-27 14:29:22.000000000 +0000
@@ -1,5 +1,5 @@
 [DEFAULT]
 pristine-tar = True
 patch-numbers = False
-debian-branch = master
+debian-branch = xenial
 
diff -Nru network-manager-1.2.2/debian/patches/dns-manager-don-t-merge-split-DNS-search-domains.patch network-manager-1.2.2/debian/patches/dns-manager-don-t-merge-split-DNS-search-domains.patch
--- network-manager-1.2.2/debian/patches/dns-manager-don-t-merge-split-DNS-search-domains.patch	1970-01-01 00:00:00.000000000 +0000
+++ network-manager-1.2.2/debian/patches/dns-manager-don-t-merge-split-DNS-search-domains.patch	2016-09-27 14:29:22.000000000 +0000
@@ -0,0 +1,109 @@
+From: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
+Date: Wed, 15 Jun 2016 16:07:27 +0300
+Subject: dns-manager: don't merge split-DNS search domains
+
+Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1592721
+---
+ src/dns-manager/nm-dns-manager.c | 44 ++++++++++++++++++++++------------------
+ 1 file changed, 24 insertions(+), 20 deletions(-)
+
+diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
+index 9b7092c..50e65c3 100644
+--- a/src/dns-manager/nm-dns-manager.c
++++ b/src/dns-manager/nm-dns-manager.c
+@@ -201,7 +201,7 @@ add_dns_option_item (GPtrArray *array, const char *str, gboolean ipv6)
+ }
+ 
+ static void
+-merge_one_ip4_config (NMResolvConfData *rc, NMIP4Config *src)
++merge_one_ip4_config (NMResolvConfData *rc, NMIP4Config *src, gboolean never_default)
+ {
+ 	guint32 num, num_domains, num_searches, i;
+ 
+@@ -214,13 +214,15 @@ merge_one_ip4_config (NMResolvConfData *rc, NMIP4Config *src)
+ 	num_domains = nm_ip4_config_get_num_domains (src);
+ 	num_searches = nm_ip4_config_get_num_searches (src);
+ 
+-	for (i = 0; i < num_searches; i++) {
+-		const char *search;
++	if (!never_default) {
++		for (i = 0; i < num_searches; i++) {
++			const char *search;
+ 
+-		search = nm_ip4_config_get_search (src, i);
+-		if (!DOMAIN_IS_VALID (search))
+-			continue;
+-		add_string_item (rc->searches, search);
++			search = nm_ip4_config_get_search (src, i);
++			if (!DOMAIN_IS_VALID (search))
++				continue;
++			add_string_item (rc->searches, search);
++		}
+ 	}
+ 
+ 	if (num_domains > 1 || !num_searches) {
+@@ -257,7 +259,7 @@ merge_one_ip4_config (NMResolvConfData *rc, NMIP4Config *src)
+ }
+ 
+ static void
+-merge_one_ip6_config (NMResolvConfData *rc, NMIP6Config *src)
++merge_one_ip6_config (NMResolvConfData *rc, NMIP6Config *src, gboolean never_default)
+ {
+ 	guint32 num, num_domains, num_searches, i;
+ 	const char *iface;
+@@ -287,13 +289,15 @@ merge_one_ip6_config (NMResolvConfData *rc, NMIP6Config *src)
+ 	num_domains = nm_ip6_config_get_num_domains (src);
+ 	num_searches = nm_ip6_config_get_num_searches (src);
+ 
+-	for (i = 0; i < num_searches; i++) {
+-		const char *search;
++	if (!never_default) {
++		for (i = 0; i < num_searches; i++) {
++			const char *search;
+ 
+-		search = nm_ip6_config_get_search (src, i);
+-		if (!DOMAIN_IS_VALID (search))
+-			continue;
+-		add_string_item (rc->searches, search);
++			search = nm_ip6_config_get_search (src, i);
++			if (!DOMAIN_IS_VALID (search))
++				continue;
++			add_string_item (rc->searches, search);
++		}
+ 	}
+ 
+ 	if (num_domains > 1 || !num_searches) {
+@@ -881,14 +885,14 @@ update_dns (NMDnsManager *self,
+ 		merge_global_dns_config (&rc, global_config);
+ 	else {
+ 		if (priv->ip4_vpn_config)
+-			merge_one_ip4_config (&rc, priv->ip4_vpn_config);
++			merge_one_ip4_config (&rc, priv->ip4_vpn_config, nm_ip4_config_get_never_default (priv->ip4_vpn_config));
+ 		if (priv->ip4_device_config)
+-			merge_one_ip4_config (&rc, priv->ip4_device_config);
++			merge_one_ip4_config (&rc, priv->ip4_device_config, FALSE);
+ 
+ 		if (priv->ip6_vpn_config)
+-			merge_one_ip6_config (&rc, priv->ip6_vpn_config);
++			merge_one_ip6_config (&rc, priv->ip6_vpn_config, nm_ip6_config_get_never_default (priv->ip6_vpn_config));
+ 		if (priv->ip6_device_config)
+-			merge_one_ip6_config (&rc, priv->ip6_device_config);
++			merge_one_ip6_config (&rc, priv->ip6_device_config, FALSE);
+ 
+ 		for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
+ 			if (NM_IN_SET (iter->data, priv->ip4_vpn_config,
+@@ -900,11 +904,11 @@ update_dns (NMDnsManager *self,
+ 			if (NM_IS_IP4_CONFIG (iter->data)) {
+ 				NMIP4Config *config = NM_IP4_CONFIG (iter->data);
+ 
+-				merge_one_ip4_config (&rc, config);
++				merge_one_ip4_config (&rc, config, FALSE);
+ 			} else if (NM_IS_IP6_CONFIG (iter->data)) {
+ 				NMIP6Config *config = NM_IP6_CONFIG (iter->data);
+ 
+-				merge_one_ip6_config (&rc, config);
++				merge_one_ip6_config (&rc, config, FALSE);
+ 			} else
+ 				g_assert_not_reached ();
+ 		}
diff -Nru network-manager-1.2.2/debian/patches/Read-config-from-run.patch network-manager-1.2.2/debian/patches/Read-config-from-run.patch
--- network-manager-1.2.2/debian/patches/Read-config-from-run.patch	1970-01-01 00:00:00.000000000 +0000
+++ network-manager-1.2.2/debian/patches/Read-config-from-run.patch	2016-09-27 14:29:22.000000000 +0000
@@ -0,0 +1,61 @@
+From: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
+Date: Tue, 14 Jun 2016 15:01:20 +0300
+Subject: Read config from /run
+
+Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1591898
+---
+ src/nm-config.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/nm-config.c b/src/nm-config.c
+index 247b9a8..b72bb43 100644
+--- a/src/nm-config.c
++++ b/src/nm-config.c
+@@ -39,6 +39,7 @@
+ #define DEFAULT_SYSTEM_CONFIG_DIR       NMLIBDIR  "/conf.d"
+ #define DEFAULT_NO_AUTO_DEFAULT_FILE    NMSTATEDIR "/no-auto-default.state"
+ #define DEFAULT_INTERN_CONFIG_FILE      NMSTATEDIR "/NetworkManager-intern.conf"
++#define RUN_CONFIG_DIR                NMRUNDIR "/conf.d"
+ 
+ struct NMConfigCmdLineOptions {
+ 	char *config_main_file;
+@@ -897,6 +898,7 @@ read_entire_config (const NMConfigCmdLineOptions *cli,
+ 	GKeyFile *keyfile;
+ 	gs_unref_ptrarray GPtrArray *system_confs = NULL;
+ 	gs_unref_ptrarray GPtrArray *confs = NULL;
++	gs_unref_ptrarray GPtrArray *run_confs = NULL;
+ 	guint i;
+ 	gs_free char *o_config_main_file = NULL;
+ 	GString *str;
+@@ -918,6 +920,7 @@ read_entire_config (const NMConfigCmdLineOptions *cli,
+ 
+ 	system_confs = _get_config_dir_files (system_config_dir);
+ 	confs = _get_config_dir_files (config_dir);
++	run_confs = _get_config_dir_files (RUN_CONFIG_DIR);
+ 
+ 	for (i = 0; i < system_confs->len; ) {
+ 		const char *filename = system_confs->pdata[i];
+@@ -935,6 +938,22 @@ read_entire_config (const NMConfigCmdLineOptions *cli,
+ 		i++;
+ 	}
+ 
++	for (i = 0; i < run_confs->len; ) {
++		const char *filename = run_confs->pdata[i];
++
++		/* if a same named file exists in config_dir, skip it. */
++		if (_nm_utils_strv_find_first ((char **) confs->pdata, confs->len, filename) >= 0) {
++			g_ptr_array_remove_index (run_confs, i);
++			continue;
++		}
++
++		if (!read_config (keyfile, FALSE, RUN_CONFIG_DIR, filename, error)) {
++			g_key_file_free (keyfile);
++			return NULL;
++		}
++		i++;
++	}
++
+ 	/* First read the base config file */
+ 	if (!read_base_config (keyfile, cli ? cli->config_main_file : NULL, &o_config_main_file, error)) {
+ 		g_key_file_free (keyfile);
diff -Nru network-manager-1.2.2/debian/patches/Read-system-connections-from-run.patch network-manager-1.2.2/debian/patches/Read-system-connections-from-run.patch
--- network-manager-1.2.2/debian/patches/Read-system-connections-from-run.patch	1970-01-01 00:00:00.000000000 +0000
+++ network-manager-1.2.2/debian/patches/Read-system-connections-from-run.patch	2016-09-27 14:29:22.000000000 +0000
@@ -0,0 +1,62 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Tue, 21 Jun 2016 17:22:12 +0200
+Subject: Read system-connections from /run
+
+Bug-Ubuntu: https://launchpad.net/bugs/1594551
+---
+ src/nm-config.c                       |  5 +++--
+ src/settings/plugins/keyfile/plugin.c | 18 ++++++++++++++++++
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/src/nm-config.c b/src/nm-config.c
+index b72bb43..1d5e97a 100644
+--- a/src/nm-config.c
++++ b/src/nm-config.c
+@@ -925,8 +925,9 @@ read_entire_config (const NMConfigCmdLineOptions *cli,
+ 	for (i = 0; i < system_confs->len; ) {
+ 		const char *filename = system_confs->pdata[i];
+ 
+-		/* if a same named file exists in config_dir, skip it. */
+-		if (_nm_utils_strv_find_first ((char **) confs->pdata, confs->len, filename) >= 0) {
++		/* if a same named file exists in config_dir or RUN_CONFIG_DIR, skip it. */
++		if (_nm_utils_strv_find_first ((char **) confs->pdata, confs->len, filename) >= 0 ||
++		    _nm_utils_strv_find_first ((char **) run_confs->pdata, run_confs->len, filename) >= 0) {
+ 			g_ptr_array_remove_index (system_confs, i);
+ 			continue;
+ 		}
+diff --git a/src/settings/plugins/keyfile/plugin.c b/src/settings/plugins/keyfile/plugin.c
+index 6003c74..8a968c1 100644
+--- a/src/settings/plugins/keyfile/plugin.c
++++ b/src/settings/plugins/keyfile/plugin.c
+@@ -386,6 +386,8 @@ _sort_paths (const char **f1, const char **f2, GHashTable *paths)
+ 	return strcmp (*f1, *f2);
+ }
+ 
++#define NM_CONFIG_KEYFILE_PATH_RUNTIME "/run/NetworkManager/system-connections"
++
+ static void
+ read_connections (NMSettingsPlugin *config)
+ {
+@@ -421,6 +423,22 @@ read_connections (NMSettingsPlugin *config)
+ 	}
+ 	g_dir_close (dir);
+ 
++	/* Now add files from /run too, unless they have a file in /etc */
++	dir = g_dir_open (NM_CONFIG_KEYFILE_PATH_RUNTIME, 0, &error);
++	if (dir) {
++		while ((item = g_dir_read_name (dir))) {
++			g_autofree char *etc_file = g_build_filename (nm_keyfile_plugin_get_path (), item, NULL);
++			if (nm_keyfile_plugin_utils_should_ignore_file (item) || g_access (etc_file, F_OK) == 0)
++				continue;
++			g_ptr_array_add (filenames, g_build_filename (NM_CONFIG_KEYFILE_PATH_RUNTIME, item, NULL));
++		}
++		g_dir_close (dir);
++	} else {
++		nm_log_dbg (LOGD_SETTINGS, "keyfile: cannot read directory " NM_CONFIG_KEYFILE_PATH_RUNTIME ": %s",
++		            error->message);
++		g_clear_error (&error);
++	}
++
+ 	/* While reloading, we don't replace connections that we already loaded while
+ 	 * iterating over the files.
+ 	 *
diff -Nru network-manager-1.2.2/debian/patches/series network-manager-1.2.2/debian/patches/series
--- network-manager-1.2.2/debian/patches/series	2016-08-03 15:58:26.000000000 +0000
+++ network-manager-1.2.2/debian/patches/series	2016-09-27 14:29:22.000000000 +0000
@@ -10,6 +10,8 @@
 Don-t-make-NetworkManager-D-Bus-activatable.patch
 Don-t-block-network.target-on-NetworkManager-wait-on.patch
 Fix-iscsiadm-path.patch
+Read-config-from-run.patch
+Read-system-connections-from-run.patch
 
 # ubuntu-specific
 whoopsie-daisy-dbus-support.patch
@@ -45,3 +47,4 @@
 libnm-Check-self-still-NMManager-or-not.patch
 libnm-don-t-require-initialized-out_encrypted-argume.patch
 cli-initialize-connection-list-in-do_device_connect.patch
+dns-manager-don-t-merge-split-DNS-search-domains.patch
diff -Nru network-manager-1.2.2/debian/tests/wpa-dhclient network-manager-1.2.2/debian/tests/wpa-dhclient
--- network-manager-1.2.2/debian/tests/wpa-dhclient	2016-08-03 15:58:26.000000000 +0000
+++ network-manager-1.2.2/debian/tests/wpa-dhclient	2016-09-27 14:29:22.000000000 +0000
@@ -225,7 +225,7 @@
         else:
             if not ipv6_mode:
                 # has global address from our DHCP server
-                self.assertRegex(out, 'inet6 2600::[0-9a-z]+/64')
+                self.assertRegex(out, 'inet6 2600::[0-9a-z]+/\d')
             else:
                 # has address with our prefix and MAC
                 self.assertRegex(out, 'inet6 2600::ff:fe00:[0-9a-z]+/64 scope global (?:tentative )?(?:mngtmpaddr )?dynamic')