Merge branch 'c8' into a8

.chrony.metadata

@@ -1,2 +1,2 @@
-4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz
-e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz
+0f5de043b395311a58bcf4be9800f7118afd5f59 SOURCES/chrony-4.2.tar.gz
+2e1fac8161ea8d92d76532c0b272fb31799bc310 SOURCES/clknetsim-824c48.tar.gz

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/chrony-4.5.tar.gz
-SOURCES/clknetsim-5d1dc0.tar.gz
+SOURCES/chrony-4.2.tar.gz
+SOURCES/clknetsim-824c48.tar.gz

SOURCES/chrony-cmac.patch

@@ -1,56 +0,0 @@
-commit 8eb5dd54efd13aa0209aea38dbad2a7904377f75
-Author: Miroslav Lichvar <mlichvar@redhat.com>
-Date:   Tue Sep 17 13:00:43 2024 +0200
-
-    configure: enable AES-CMAC using gnutls
-    
-    Allow gnutls to be used for AES-CMAC when nettle doesn't support it
-    without switching also hashing.
-
-diff --git a/configure b/configure
-index eefe5de8..0fb3aa38 100755
---- a/configure
-+++ b/configure
-@@ -937,14 +937,26 @@ if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_gnutls = "1" ];
-     HASH_LINK="$test_link"
-     MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
-     add_def FEAT_SECHASH
-+  fi
-+fi
- 
--    if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
--      'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
--    then
--      add_def HAVE_CMAC
--      EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
--      EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
--    fi
-+if [ $feat_sechash = "1" ] && [ $try_gnutls = "1" ] &&
-+    ! grep '#define HAVE_CMAC' config.h > /dev/null; then
-+  if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
-+    test_cflags=""
-+    test_link=""
-+  else
-+    test_cflags="`pkg_config --cflags gnutls`"
-+    test_link="`pkg_config --libs gnutls`"
-+  fi
-+  if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
-+    'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
-+  then
-+    add_def HAVE_CMAC
-+    EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
-+    EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
-+    LIBS="$LIBS $test_link"
-+    MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
-   fi
- fi
- 
-@@ -978,7 +990,7 @@ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS $HASH_OBJ"
- LIBS="$LIBS $HASH_LINK"
- 
- if [ $feat_ntp = "1" ] && [ $feat_nts = "1" ] && [ $try_gnutls = "1" ]; then
--  if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
-+  if echo "$HASH_OBJ $EXTRA_OBJECTS" | grep "_gnutls\.o" > /dev/null; then
-     test_cflags=""
-     test_link=""
-   else

SOURCES/chrony-defconfig.patch

@@ -27,12 +27,3 @@ diff -up chrony-4.1/examples/chrony.conf.example2.defconfig chrony-4.1/examples/
  # Get TAI-UTC offset and leap seconds from the system tz database.
  #leapsectz right/UTC
  
-diff -up chrony-4.5/examples/chrony.keys.example.keys chrony-4.5/examples/chrony.keys.example
---- chrony-4.5/examples/chrony.keys.example.keys	2023-12-05 14:22:10.000000000 +0100
-+++ chrony-4.5/examples/chrony.keys.example	2023-12-06 09:59:26.089508934 +0100
-@@ -11,5 +11,3 @@
- #1 MD5 AVeryLongAndRandomPassword
- #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
- #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
--#4 AES128 HEX:2DA837C4B6573748CA692B8C828E4891
--#5 AES256 HEX:2666B8099BFF2D5BA20876121788ED24D2BE59111B8FFB562F0F56AE6EC7246E

SOURCES/chrony-ipsourcename.patch

@@ -0,0 +1,108 @@
+commit 33a1fe7a9ce223d6287ab7b11bca3208e9255cdd
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Wed Mar 9 15:30:16 2022 +0100
+
+    ntp: split out conf_id allocation
+
+diff --git a/ntp_sources.c b/ntp_sources.c
+index 3cbb2ae7..30770825 100644
+--- a/ntp_sources.c
++++ b/ntp_sources.c
+@@ -698,21 +698,25 @@ static int get_unused_pool_id(void)
+ 
+ /* ================================================== */
+ 
+-NSR_Status
+-NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type,
+-              SourceParameters *params, uint32_t *conf_id)
++static uint32_t
++get_next_conf_id(uint32_t *conf_id)
+ {
+-  NSR_Status s;
+-
+-  s = add_source(remote_addr, NULL, type, params, INVALID_POOL, last_conf_id + 1);
+-  if (s != NSR_Success)
+-    return s;
+-
+   last_conf_id++;
++
+   if (conf_id)
+     *conf_id = last_conf_id;
+ 
+-  return s;
++  return last_conf_id;
++}
++
++/* ================================================== */
++
++NSR_Status
++NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type,
++              SourceParameters *params, uint32_t *conf_id)
++{
++  return add_source(remote_addr, NULL, type, params, INVALID_POOL,
++                    get_next_conf_id(conf_id));
+ }
+ 
+ /* ================================================== */
+@@ -725,6 +729,7 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
+   struct SourcePool *sp;
+   NTP_Remote_Address remote_addr;
+   int i, new_sources, pool_id;
++  uint32_t cid;
+ 
+   /* If the name is an IP address, add the source with the address directly */
+   if (UTI_StringToIP(name, &remote_addr.ip_addr)) {
+@@ -770,14 +775,12 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
+ 
+   append_unresolved_source(us);
+ 
+-  last_conf_id++;
+-  if (conf_id)
+-    *conf_id = last_conf_id;
++  cid = get_next_conf_id(conf_id);
+ 
+   for (i = 0; i < new_sources; i++) {
+     if (i > 0)
+       remote_addr.ip_addr.addr.id = ++last_address_id;
+-    if (add_source(&remote_addr, name, type, params, us->pool_id, last_conf_id) != NSR_Success)
++    if (add_source(&remote_addr, name, type, params, us->pool_id, cid) != NSR_Success)
+       return NSR_TooManySources;
+   }
+ 
+
+commit 1219f99935ca9597eb0e4f4c6039e536462cf1a6
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Wed Mar 9 15:34:16 2022 +0100
+
+    ntp: keep original source IP address
+    
+    When an added source is specified by IP address, save the original
+    string instead of formatting a new string from the parsed address, which
+    can be different (e.g. compressed vs expanded IPv6 address).
+    
+    This fixes the chronyc sourcename command and -N option to print the IP
+    address exactly as it was specified in the configuration file or chronyc
+    add command.
+
+diff --git a/ntp_sources.c b/ntp_sources.c
+index 30770825..d46c211d 100644
+--- a/ntp_sources.c
++++ b/ntp_sources.c
+@@ -353,7 +353,6 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
+       record_lock = 1;
+ 
+       record = get_record(slot);
+-      assert(!name || !UTI_IsStringIP(name));
+       record->name = Strdup(name ? name : UTI_IPToString(&remote_addr->ip_addr));
+       record->data = NCR_CreateInstance(remote_addr, type, params, record->name);
+       record->remote_addr = NCR_GetRemoteAddress(record->data);
+@@ -734,7 +733,8 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
+   /* If the name is an IP address, add the source with the address directly */
+   if (UTI_StringToIP(name, &remote_addr.ip_addr)) {
+     remote_addr.port = port;
+-    return NSR_AddSource(&remote_addr, type, params, conf_id);
++    return add_source(&remote_addr, name, type, params, INVALID_POOL,
++                      get_next_conf_id(conf_id));
+   }
+ 
+   /* Make sure the name is at least printable and has no spaces */

SOURCES/chrony-nm-dispatcher-dhcp.patch

@@ -1,67 +1,3 @@
-First, revert upstream changes since 4.2
-
-diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
-index 547ce83f..6ea4c370 100644
---- a/examples/chrony.nm-dispatcher.dhcp
-+++ b/examples/chrony.nm-dispatcher.dhcp
-@@ -1,7 +1,8 @@
- #!/bin/sh
- # This is a NetworkManager dispatcher script for chronyd to update
--# its NTP sources with servers from DHCP options passed by NetworkManager
--# in the DHCP4_NTP_SERVERS and DHCP6_DHCP6_NTP_SERVERS environment variables.
-+# its NTP sources passed from DHCP options. Note that this script is
-+# specific to NetworkManager-dispatcher due to use of the
-+# DHCP4_NTP_SERVERS environment variable.
- 
- export LC_ALL=C
- 
-@@ -9,23 +10,17 @@ interface=$1
- action=$2
- 
- chronyc=/usr/bin/chronyc
--server_options=iburst
-+default_server_options=iburst
- server_dir=/var/run/chrony-dhcp
- 
- dhcp_server_file=$server_dir/$interface.sources
--dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
-+# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
-+nm_dhcp_servers=$DHCP4_NTP_SERVERS
- 
- add_servers_from_dhcp() {
-     rm -f "$dhcp_server_file"
--    for server in $dhcp_ntp_servers; do
--        # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
--        len1=$(printf '%s' "$server" | wc -c)
--        len2=$(printf '%s' "$server" | tr -d -c 'A-Za-z0-9:.-' | wc -c)
--        if [ "$len1" -ne "$len2" ] || [ "$len2" -lt 1 ] || [ "$len2" -gt 255 ]; then
--          continue
--        fi
--
--        printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file"
-+    for server in $nm_dhcp_servers; do
-+        echo "server $server $default_server_options" >> "$dhcp_server_file"
-     done
-     $chronyc reload sources > /dev/null 2>&1 || :
- }
-@@ -39,11 +34,10 @@ clear_servers_from_dhcp() {
- 
- mkdir -p $server_dir
- 
--case "$action" in
--    up|dhcp4-change|dhcp6-change)
--        add_servers_from_dhcp;;
--    down)
--        clear_servers_from_dhcp;;
--esac
-+if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
-+    add_servers_from_dhcp
-+elif [ "$action" = "down" ]; then
-+    clear_servers_from_dhcp
-+fi
- 
- exit 0
-
 From: Robert Fairley <rfairley@redhat.com>
 Date: Wed, 17 Jun 2020 10:14:19 -0400
 Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig

SOURCES/chrony-reload.patch

@@ -1,86 +0,0 @@
-commit f49be7f06343ee27fff2950937d7f6742f53976f
-Author: Miroslav Lichvar <mlichvar@redhat.com>
-Date:   Tue Mar 12 14:30:27 2024 +0100
-
-    conf: don't load sourcedir during initstepslew and RTC init
-    
-    If the reload sources command was received in the chronyd start-up
-    sequence with initstepslew and/or RTC init (-s option), the sources
-    loaded from sourcedirs caused a crash due to failed assertion after
-    adding sources specified in the config.
-    
-    Ignore the reload sources command until chronyd enters the normal
-    operation mode.
-    
-    Fixes: 519796de3756 ("conf: add sourcedirs directive")
-
-diff --git a/conf.c b/conf.c
-index 6eae11c9..8849bdce 100644
---- a/conf.c
-+++ b/conf.c
-@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources;
- static ARR_Instance ntp_source_dirs;
- /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
- static ARR_Instance ntp_source_ids;
-+/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
-+static int conf_ntp_sources_added = 0;
- 
- /* Array of RefclockParameters */
- static ARR_Instance refclock_sources;
-@@ -1689,8 +1691,12 @@ reload_source_dirs(void)
-   NSR_Status s;
-   int d, pass;
- 
-+  /* Ignore reload command before adding configured sources */
-+  if (!conf_ntp_sources_added)
-+    return;
-+
-   prev_size = ARR_GetSize(ntp_source_ids);
--  if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size)
-+  if (ARR_GetSize(ntp_sources) != prev_size)
-     assert(0);
- 
-   /* Save the current sources and their configuration IDs */
-@@ -1859,7 +1865,10 @@ CNF_AddSources(void)
-     Free(source->params.name);
-   }
- 
-+  /* The arrays will be used for sourcedir (re)loading */
-   ARR_SetSize(ntp_sources, 0);
-+  ARR_SetSize(ntp_source_ids, 0);
-+  conf_ntp_sources_added = 1;
- 
-   reload_source_dirs();
- }
-diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload
-new file mode 100755
-index 00000000..cf7924b8
---- /dev/null
-+++ b/test/simulation/203-initreload
-@@ -0,0 +1,26 @@
-+#!/usr/bin/env bash
-+
-+. ./test.common
-+
-+check_config_h 'FEAT_CMDMON 1' || test_skip
-+
-+# Test fix "conf: don't load sourcedir during initstepslew and RTC init"
-+
-+test_start "reload during initstepslew"
-+
-+client_conf="initstepslew 5 192.168.123.1
-+sourcedir tmp"
-+client_server_conf="#"
-+chronyc_conf="reload sources"
-+chronyc_start=4
-+
-+echo 'server 192.168.123.1' > tmp/sources.sources
-+
-+run_test || test_fail
-+check_chronyd_exit || test_fail
-+check_source_selection || test_fail
-+check_sync || test_fail
-+
-+check_log_messages "Added source 192\.168\.123\.1" 1 1 || test_fail
-+
-+test_pass

SOURCES/chrony-serverstats.patch

@@ -1,39 +0,0 @@
-commit e11b518a1ffa704986fb1f1835c425844ba248ef
-Author: Miroslav Lichvar <mlichvar@redhat.com>
-Date:   Mon Jan 8 11:35:56 2024 +0100
-
-    ntp: fix authenticated requests in serverstats
-    
-    Fix the CLG_UpdateNtpStats() call to count requests passing the
-    authentication check instead of requests triggering a KoD response
-    (i.e. NTS NAK).
-
-diff --git a/ntp_core.c b/ntp_core.c
-index 023e60b2..35801744 100644
---- a/ntp_core.c
-+++ b/ntp_core.c
-@@ -2736,7 +2736,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
-       CLG_DisableNtpTimestamps(&ntp_rx);
-   }
- 
--  CLG_UpdateNtpStats(kod != 0 && info.auth.mode != NTP_AUTH_NONE &&
-+  CLG_UpdateNtpStats(kod == 0 && info.auth.mode != NTP_AUTH_NONE &&
-                      info.auth.mode != NTP_AUTH_MSSNTP,
-                      rx_ts->source, interleaved ? tx_ts->source : NTP_TS_DAEMON);
- 
-diff --git a/test/system/010-nts b/test/system/010-nts
-index 8d92bbc8..b215efa3 100755
---- a/test/system/010-nts
-+++ b/test/system/010-nts
-@@ -45,6 +45,11 @@ check_chronyc_output "^Name/IP address             Mode KeyID Type KLen Last Atm
- =========================================================================
- 127\.0\.0\.1                    NTS     1   (30|15)  (128|256)    [0-9]    0    0    [78]  ( 64|100)$" || test_fail
- 
-+run_chronyc "serverstats" || test_fail
-+check_chronyc_output "NTS-KE connections accepted: 1
-+NTS-KE connections dropped : 0
-+Authenticated NTP packets  : [1-9][0-9]*" || test_fail
-+
- stop_chronyd || test_fail
- check_chronyd_messages || test_fail
- check_chronyd_files || test_fail

SOURCES/chrony-services.patch

@@ -2,7 +2,7 @@ diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
 index 72b028f2..b3aa7aa2 100644
 --- a/examples/chrony-wait.service
 +++ b/examples/chrony-wait.service
-@@ -16,31 +16,5 @@ TimeoutStartSec=180
+@@ -16,32 +16,5 @@ TimeoutStartSec=180
  RemainAfterExit=yes
  StandardOutput=null
  
@@ -15,6 +15,7 @@ index 72b028f2..b3aa7aa2 100644
 -MemoryDenyWriteExecute=yes
 -PrivateDevices=yes
 -PrivateUsers=yes
+-ProcSubset=pid
 -ProtectClock=yes
 -ProtectControlGroups=yes
 -ProtectHome=yes
@@ -38,7 +39,7 @@ diff --git a/examples/chronyd.service b/examples/chronyd.service
 index 4fb930ef..289548cb 100644
 --- a/examples/chronyd.service
 +++ b/examples/chronyd.service
-@@ -10,39 +10,9 @@ Type=forking
+@@ -10,40 +10,9 @@ Type=forking
  PIDFile=/run/chrony/chronyd.pid
  EnvironmentFile=-/etc/sysconfig/chronyd
  ExecStart=/usr/sbin/chronyd $OPTIONS
@@ -56,6 +57,7 @@ index 4fb930ef..289548cb 100644
 -MemoryDenyWriteExecute=yes
 -NoNewPrivileges=yes
  PrivateTmp=yes
+-ProcSubset=pid
 -ProtectControlGroups=yes
  ProtectHome=yes
 -ProtectHostname=yes

SPECS/chrony.spec

@@ -1,24 +1,24 @@
 %global _hardened_build 1
-%global clknetsim_ver 5d1dc0
+%global clknetsim_ver 824c48
 %global ntp2chrony_ver 233b75
 %bcond_without debug
 %bcond_without nts
 
 Name:           chrony
-Version:        4.5
-Release:        2%{?dist}
+Version:        4.2
+Release:        1%{?dist}.alma
 Summary:        An NTP client/server
 
 Group:          System Environment/Daemons
 License:        GPLv2
-URL:            https://chrony-project.org
-Source0:        https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz
+URL:            https://chrony.tuxfamily.org
+Source0:        https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
 Source1:        chrony.dhclient
 Source2:        chrony.helper
 Source3:        chrony-dnssrv@.service
 Source4:        chrony-dnssrv@.timer
 # simulator for test suite
-Source10:       https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz
+Source10:       https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
 # script for converting ntp configuration to chrony
 Source11:       https://github.com/mlichvar/ntp2chrony/raw/%{ntp2chrony_ver}/ntp2chrony/ntp2chrony.py
 %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
@@ -30,14 +30,10 @@ Patch0:         chrony-services.patch
 Patch1:         chrony-nm-dispatcher-dhcp.patch
 # add NTP servers from DHCP when starting service
 Patch2:         chrony-service-helper.patch
-# revert upstream changes in packaged configuration examples
+# revert upstream changes in packaged chrony.conf example
 Patch3:         chrony-defconfig.patch
-# fix serverstats to correctly count authenticated packets
-Patch4:         chrony-serverstats.patch
-# fix crash on reload command during start
-Patch5:         chrony-reload.patch
-# enable AES-CMAC support using gnutls (but keep nettle for hashing)
-Patch6:         chrony-cmac.patch
+# fix chronyc sourcename command to print IP address in original format
+Patch4:         chrony-ipsourcename.patch
 
 BuildRequires:  libcap-devel libedit-devel nettle-devel pps-tools-devel
 %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
@@ -64,7 +60,7 @@ can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
 service to other computers in the network.
 
 %if 0%{!?vendorzone:1}
-%global vendorzone %(source /etc/os-release && echo ${ID}.)
+%global vendorzone cloudlinux.
 %endif
 
 %prep
@@ -74,9 +70,7 @@ service to other computers in the network.
 %patch1 -p1 -b .nm-dispatcher-dhcp
 %patch2 -p1 -b .service-helper
 %patch3 -p1 -b .defconfig
-%patch4 -p1 -b .serverstats
-%patch5 -p1
-%patch6 -p1 -b .cmac
+%patch4 -p1 -b .ipsourcename
 
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
 
@@ -87,7 +81,7 @@ md5sum -c <<-EOF | (! grep -v 'OK$')
         96999221eeef476bd49fe97b97503126  examples/chrony.keys.example
         6a3178c4670de7de393d9365e2793740  examples/chrony.logrotate
         fabb5b3f127b802c27c82837feff0fe6  examples/chrony.nm-dispatcher.dhcp
-        4e85d36595727318535af3387411070c  examples/chrony.nm-dispatcher.onoffline
+        8f5a98fcb400a482d355b929d04b5518  examples/chrony.nm-dispatcher.onoffline
         56d221eba8ce8a2e03d3e0dd87999a81  examples/chronyd.service
 EOF
 
@@ -108,7 +102,7 @@ touch -r examples/chrony.conf.example2 chrony.conf
 # regenerate the file from getdate.y
 rm -f getdate.c
 
-mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
+mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
 
 install -m 644 -p %{SOURCE11} ntp2chrony.py
 
@@ -225,18 +219,13 @@ fi
 %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
 
 %changelog
-* Wed Sep 18 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-2.el8_10
-- fix crash on reload command during start (RHEL-59112)
-- enable AES-CMAC support using gnutls (RHEL-59032)
-
-* Wed Jan 10 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
-- update to 4.5 (RHEL-21069 RHEL-10701)
+* Tue Nov 08 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 4.2-1.alma
+- use cloudlinux ntp pool
 
 * Thu Jul 14 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
 - update to 4.2 (#2062356)
 - fix chrony-helper to delete sources by their original name (#2061660)
 - update ntp2chrony script (#2018045 #2063766)
-
 * Tue Jun 15 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-1
 - update to 4.1 (#1895003 #1847853 #1929157)
 - add NetworkManager dispatcher script to add servers from DHCP even without