Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch

SOURCES/0003-downstream-Retain-exit-code-in-cloud-init-status-for.patch

@@ -0,0 +1,68 @@
+From d211a3a03b548a759c4a64e63044b2ea034f2999 Mon Sep 17 00:00:00 2001
+From: Ani Sinha <anisinha@redhat.com>
+Date: Tue, 12 Mar 2024 12:52:10 +0530
+Subject: [PATCH] downstream: Retain exit code in cloud-init status for
+ recoverable errors
+
+RH-Author: Ani Sinha <None>
+RH-MergeRequest: 71: Retain exit code in cloud-init status for recoverable errors
+RH-Jira: RHEL-28549
+RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-Acked-by: Cathy Avery <cavery@redhat.com>
+RH-Commit: [1/1] 00934ade88c481c012bc1947fa44e5ed59f82858 (anisinha/cloud-init)
+
+Version 23.4 of cloud-init changed the status code reported by cloud-init for
+recoverable errors from 0 to 2. Please see the commit
+70acb7f2a30d58 ("Add support for cloud-init "degraded" state (#4500)")
+
+This change has the potential to break customers who are expecting a 0 status
+and where warnings can be expected. Hence, revert the status code from 2 to 0
+even in case of recoverable errors. This retains the old behavior and hence
+avoids breaking scripts and software stack that expects 0 on the end user side.
+
+Cannonical has made a similar change downstream for similar reasons. Please see
+https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2048522
+and the corresponding downstream patch:
+https://github.com/canonical/cloud-init/pull/4747/commits/adce34bfd214e4eecdf87329486f30f0898dd303
+
+This patch has limited risk as it narrowly only restores the old status
+code for recoverable errors and does not modify anything else.
+
+X-downstream-only: true
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+
+Patch-name: ci-Retain-exit-code-in-cloud-init-status-for-recoverabl.patch
+Patch-id: 12
+Patch-present-in-specfile: True
+(cherry picked from commit 424eb97cff0bd97967c82214308693481f17a50a)
+---
+ cloudinit/cmd/status.py            | 2 +-
+ tests/unittests/cmd/test_status.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cloudinit/cmd/status.py b/cloudinit/cmd/status.py
+index 98084a492..0dfb9b2f7 100644
+--- a/cloudinit/cmd/status.py
++++ b/cloudinit/cmd/status.py
+@@ -251,7 +251,7 @@ def handle_status_args(name, args) -> int:
+         return 1
+     # Recoverable error
+     elif details.condition_status == ConditionStatus.DEGRADED:
+-        return 2
++        return 0
+     return 0
+ 
+ 
+diff --git a/tests/unittests/cmd/test_status.py b/tests/unittests/cmd/test_status.py
+index 022e4034c..da41fa98f 100644
+--- a/tests/unittests/cmd/test_status.py
++++ b/tests/unittests/cmd/test_status.py
+@@ -664,7 +664,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+                 },
+                 None,
+                 MyArgs(long=False, wait=False, format="json"),
+-                2,
++                0,
+                 {
+                     "boot_status_code": "enabled-by-kernel-command-line",
+                     "datasource": "nocloud",

SOURCES/ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch

@@ -0,0 +1,177 @@
+From cce7faf49aeb3b53433b9b7bcc48ca2e7dbaee64 Mon Sep 17 00:00:00 2001
+From: Brett Holman <brett.holman@canonical.com>
+Date: Thu, 22 Aug 2024 16:54:53 -0600
+Subject: [PATCH 1/2] fix: Don't attempt to identify non-x86 OpenStack
+ instances
+
+RH-Author: Ani Sinha <anisinha@redhat.com>
+RH-MergeRequest: 129: CVE-2024-6174:  fix: Don't attempt to identify non-x86 OpenStack instances
+RH-Jira: RHEL-100615
+RH-Acked-by: xiachen <xiachen@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [1/2] 71a7a1b189d33ff43dc439ecf73c996a9cca3494 (anisinha/cloud-init)
+
+This causes cloud-init to attempt to reach out to the OpenStack Nova
+datasource in non-Nova deployments on non-x86 architectures.
+
+Change default policy of ds-identify to disallow discovery of datasources
+without strict identifiable artifacts in either kernel cmdline, DMI
+platform information or system configuration files. This prevents
+cloud-init from attempting to reach out to well-known hard-codded link-local
+IP addresses for configuration information unless the platform strictly
+identifies as a specific datasource.
+
+CVE-2024-6174
+LP: #2069607
+BREAKING_CHANGE: This may break non-x86 OpenStack Nova users. Affected users
+    may wish to use ConfigDrive as a workaround.
+
+(cherry picked from commit 8c3ae1bb9f1d80fbf217b41a222ee434e7f58900)
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+---
+ doc/rtd/reference/breaking_changes.rst | 49 ++++++++++++++++++++++++++
+ tests/unittests/test_ds_identify.py    | 13 ++++---
+ tools/ds-identify                      |  8 ++---
+ 3 files changed, 59 insertions(+), 11 deletions(-)
+
+diff --git a/doc/rtd/reference/breaking_changes.rst b/doc/rtd/reference/breaking_changes.rst
+index ce54e1c95..cd425a304 100644
+--- a/doc/rtd/reference/breaking_changes.rst
++++ b/doc/rtd/reference/breaking_changes.rst
+@@ -11,6 +11,54 @@ releases.
+     many operating system vendors patch out breaking changes in
+     cloud-init to ensure consistent behavior on their platform.
+ 
++25.1.3
++======
++
++Strict datasource identity before network
++-----------------------------------------
++Affects detection of Ec2, OpenStack or AltCloud datasources for non-x86
++architectures where DMI may not be accessible.
++
++Datasource detection provided by ds-identify in cloud-init now requires strict
++identification based on DMI platform information, kernel command line or
++`datasource_list:` system configuration in /etc/cloud/cloud.cfg.d.
++
++Prior to this change, ds-identify would allow non-x86 architectures without
++strict identifying platform information to run in a discovery mode which would
++attempt to reach out to well known static link-local IPs to attempt to
++retrieve configuration once system networking is up.
++
++To mitigate the potential of a bad-actor in a local network responding
++to such provisioning requests from cloud-init clients, ds-identify will no
++longer allow this late discovery mode for platforms unable to expose clear
++identifying characteristics of a known cloud-init datasource.
++
++The most likely affected cloud platforms are AltCloud, Ec2 and OpenStack for
++non-x86 architectures where DMI data is not exposed by the kernel.
++
++If your non-x86 architecture or images no longer detect the proper datasource,
++any of the following steps can ensure proper detection of cloud-init config:
++
++- Provide kernel commandline containing ``ds=<lowercase_datasource_name>``
++  which forces ds-identify to discover a specific datasource.
++- Image creators: provide a config file part such as
++  :file:`/etc/cloud/cloud.cfg.d/*.cfg` containing the
++  case-sensitive ``datasource_list: [ <datasource_name> ]`` to force cloud-init
++  to use a specific datasource without performing discovery.
++
++For example, to force OpenStack discovery in cloud-init any of the following
++approaches work:
++
++- OpenStack: `attach a ConfigDrive`_ as an alternative config source
++- Kernel command line containing ``ds=openstack``
++- Custom images provide :file:`/etc/cloud/cloud.cfg.d/91-set-datasource.cfg`
++  containing:
++
++.. code-block:: yaml
++
++   datasource_list: [ OpenStack ]
++
++
+ 24.3
+ ====
+ 
+@@ -148,5 +196,6 @@ Workarounds include updating the kernel command line and optionally configuring
+ a ``datasource_list`` in ``/etc/cloud/cloud.cfg.d/*.cfg``.
+ 
+ 
++.. _attach a ConfigDrive: https://docs.openstack.org/nova/2024.1/admin/config-drive.html
+ .. _this patch: https://github.com/canonical/cloud-init/blob/ubuntu/noble/debian/patches/no-single-process.patch
+ .. _Python3 equivalent:  https://github.com/canonical/cloud-init/pull/5489#issuecomment-2408210561
+diff --git a/tests/unittests/test_ds_identify.py b/tests/unittests/test_ds_identify.py
+index 5d47e552b..9b3828ce6 100644
+--- a/tests/unittests/test_ds_identify.py
++++ b/tests/unittests/test_ds_identify.py
+@@ -208,9 +208,9 @@ system_info:
+ """
+ 
+ POLICY_FOUND_ONLY = "search,found=all,maybe=none,notfound=disabled"
+-POLICY_FOUND_OR_MAYBE = "search,found=all,maybe=all,notfound=disabled"
+-DI_DEFAULT_POLICY = "search,found=all,maybe=all,notfound=disabled"
+-DI_DEFAULT_POLICY_NO_DMI = "search,found=all,maybe=all,notfound=enabled"
++POLICY_FOUND_OR_MAYBE = "search,found=all,maybe=none,notfound=disabled"
++DI_DEFAULT_POLICY = "search,found=all,maybe=none,notfound=disabled"
++DI_DEFAULT_POLICY_NO_DMI = "search,found=all,maybe=none,notfound=enabled"
+ DI_EC2_STRICT_ID_DEFAULT = "true"
+ OVF_MATCH_STRING = "http://schemas.dmtf.org/ovf/environment/1"
+ 
+@@ -937,7 +937,7 @@ class TestDsIdentify(DsIdentifyBase):
+         self._test_ds_found("OpenStack-AssetTag-Compute")
+ 
+     def test_openstack_on_non_intel_is_maybe(self):
+-        """On non-Intel, openstack without dmi info is maybe.
++        """On non-Intel, openstack without dmi info is none.
+ 
+         nova does not identify itself on platforms other than intel.
+         https://bugs.launchpad.net/cloud-init/+bugs?field.tag=dsid-nova"""
+@@ -957,10 +957,9 @@ class TestDsIdentify(DsIdentifyBase):
+ 
+         # updating the uname to ppc64 though should get a maybe.
+         data.update({"mocks": [MOCK_VIRT_IS_KVM, MOCK_UNAME_IS_PPC64]})
+-        (_, _, err, _, _) = self._check_via_dict(
+-            data, RC_FOUND, dslist=["OpenStack", "None"]
+-        )
++        (_, _, err, _, _) = self._check_via_dict(data, RC_NOT_FOUND)
+         self.assertIn("check for 'OpenStack' returned maybe", err)
++        self.assertIn("No ds found", err)
+ 
+     def test_default_ovf_is_found(self):
+         """OVF is identified found when ovf/ovf-env.xml seed file exists."""
+diff --git a/tools/ds-identify b/tools/ds-identify
+index e00b05e80..5644b1e39 100755
+--- a/tools/ds-identify
++++ b/tools/ds-identify
+@@ -14,7 +14,7 @@
+ #   The format is:
+ #        <mode>,found=value,maybe=value,notfound=value
+ #   default setting is:
+-#     search,found=all,maybe=all,notfound=disabled
++#     search,found=all,maybe=none,notfound=disabled
+ #
+ #   kernel command line option: ci.di.policy=<policy>
+ #   example line in /etc/cloud/ds-identify.cfg:
+@@ -40,7 +40,7 @@
+ #         first: use the first found do no further checking
+ #         all: enable all DS_FOUND
+ #
+-#      maybe: (default=all)
++#      maybe: (default=none)
+ #       if nothing returned 'found', then how to handle maybe.
+ #       no network sources are allowed to return 'maybe'.
+ #         all: enable all DS_MAYBE
+@@ -100,8 +100,8 @@ DI_MAIN=${DI_MAIN:-main}
+ 
+ DI_BLKID_EXPORT_OUT=""
+ DI_GEOM_LABEL_STATUS_OUT=""
+-DI_DEFAULT_POLICY="search,found=all,maybe=all,notfound=${DI_DISABLED}"
+-DI_DEFAULT_POLICY_NO_DMI="search,found=all,maybe=all,notfound=${DI_ENABLED}"
++DI_DEFAULT_POLICY="search,found=all,maybe=none,notfound=${DI_DISABLED}"
++DI_DEFAULT_POLICY_NO_DMI="search,found=all,maybe=none,notfound=${DI_ENABLED}"
+ DI_DMI_BOARD_NAME=""
+ DI_DMI_CHASSIS_ASSET_TAG=""
+ DI_DMI_PRODUCT_NAME=""
+-- 
+2.39.3
+

SOURCES/ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch

@@ -0,0 +1,67 @@
+From 95e9d95a1bd0b995cdb505395b761896739d1476 Mon Sep 17 00:00:00 2001
+From: Ani Sinha <anisinha@redhat.com>
+Date: Thu, 13 Mar 2025 19:46:35 +0530
+Subject: [PATCH] fix: NM reload and bring up individual network conns (#6073)
+
+RH-Author: Ani Sinha <anisinha@redhat.com>
+RH-MergeRequest: 125: fix: NM reload and bring up individual network conns (#6073)
+RH-Jira: RHEL-81703
+RH-Commit: [1/1] 7d9b3575e1807360c40a1f45620060d1843a65b7 (anisinha/cloud-init)
+
+Reloading the network manager service is equivalent to "nmcli reload" and this
+command only reloads the global .conf files and DNS config, not connections.
+This means changes to connection files will not take effect. For those to take
+effect, we need "nmcli conn load/reload" and then "nmcli conn up". Thus,
+reloading network manager as well as reloading the connections are required to
+cover all cases.
+
+Also see https://github.com/canonical/cloud-init/issues/5512#issuecomment-2298371744
+
+While at it, rename "reload-or-try-restart" -> "try-reload-or-restart" since
+the former is legacy and the later is the officially documented sub-command.
+
+Fixes: GH-6064
+Fixes: bde913ae242 ("fix(NetworkManager): Fix network activator")
+
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+(cherry picked from commit 671baf22df846bcc2cfecf3d2c0e09a816fbf240)
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+---
+ cloudinit/net/activators.py            | 4 ++--
+ tests/unittests/test_net_activators.py | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/cloudinit/net/activators.py b/cloudinit/net/activators.py
+index de9a1d3c9..942128941 100644
+--- a/cloudinit/net/activators.py
++++ b/cloudinit/net/activators.py
+@@ -206,9 +206,9 @@ class NetworkManagerActivator(NetworkActivator):
+                 state,
+             )
+         return _alter_interface(
+-            ["systemctl", "reload-or-try-restart", "NetworkManager.service"],
++            ["systemctl", "try-reload-or-restart", "NetworkManager.service"],
+             "all",
+-        )
++        ) and all(cls.bring_up_interface(device) for device in device_names)
+ 
+ 
+ class NetplanActivator(NetworkActivator):
+diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py
+index a720ada81..84876b73b 100644
+--- a/tests/unittests/test_net_activators.py
++++ b/tests/unittests/test_net_activators.py
+@@ -247,8 +247,8 @@ NETWORK_MANAGER_BRING_UP_ALL_CALL_LIST: list = [
+         ),
+         {},
+     ),
+-    ((["systemctl", "reload-or-try-restart", "NetworkManager.service"],), {}),
+-]
++    ((["systemctl", "try-reload-or-restart", "NetworkManager.service"],), {}),
++] + NETWORK_MANAGER_BRING_UP_CALL_LIST
+ 
+ NETWORKD_BRING_UP_CALL_LIST: list = [
+     ((["ip", "link", "set", "dev", "eth0", "up"],), {}),
+-- 
+2.48.1
+

SOURCES/ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch

@@ -0,0 +1,90 @@
+From 9c2c1169ba2d11b22ff054583583cd4298a5ba81 Mon Sep 17 00:00:00 2001
+From: Chad Smith <chad.smith@canonical.com>
+Date: Tue, 24 Jun 2025 09:12:52 -0600
+Subject: [PATCH 2/2] fix: strict disable in ds-identify on no datasources
+ found
+
+RH-Author: Ani Sinha <anisinha@redhat.com>
+RH-MergeRequest: 129: CVE-2024-6174:  fix: Don't attempt to identify non-x86 OpenStack instances
+RH-Jira: RHEL-100615
+RH-Acked-by: xiachen <xiachen@redhat.com>
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [2/2] f941ad029982aa5b1aecd569380ae47a6d727d9b (anisinha/cloud-init)
+
+Take the CVE-2024-6174 strict detection fix one step further.
+
+Commit 8c3ae1b took a step to ignore DS_MAYBE datasource discovery.
+But, if no datasources are met the DS_FOUND conditions, ds-identify was
+still leaving cloud-init enabled. This resulted in cloud-init python
+code attempting to discover all datasources later in boot based on
+the default datasource_list.
+
+ds-identify will now assert that at least one datasource is found. If
+no datasources, ds-identify will exit 1 which disables cloud-init boot
+stages and results in no boot configuration operations from cloud-init.
+
+OpenStack images which cannot identify a valid datasource with DMI-data
+or kernel command line ci.ds=OpenStack parameter will need to either:
+- provide image-based configuration in either /etc/cloud/cloud.cfg.* to set
+   datasource_list: [ OpenStack ]
+- provide --config-drive true to openstack server create
+- attach a nocloud disk labelled CIDATA containing user-data and
+  meta-data files
+
+CVE-2024-6174
+LP: #2069607
+
+(cherry picked from commit e3f42adc2674a38fb29e414cfbf96f884934b2d2)
+Signed-off-by: Ani Sinha <anisinha@redhat.com>
+---
+ tests/unittests/test_ds_identify.py | 6 ++++--
+ tools/ds-identify                   | 2 +-
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/tests/unittests/test_ds_identify.py b/tests/unittests/test_ds_identify.py
+index 9b3828ce6..2d6306c2f 100644
+--- a/tests/unittests/test_ds_identify.py
++++ b/tests/unittests/test_ds_identify.py
+@@ -210,7 +210,7 @@ system_info:
+ POLICY_FOUND_ONLY = "search,found=all,maybe=none,notfound=disabled"
+ POLICY_FOUND_OR_MAYBE = "search,found=all,maybe=none,notfound=disabled"
+ DI_DEFAULT_POLICY = "search,found=all,maybe=none,notfound=disabled"
+-DI_DEFAULT_POLICY_NO_DMI = "search,found=all,maybe=none,notfound=enabled"
++DI_DEFAULT_POLICY_NO_DMI = "search,found=all,maybe=none,notfound=disabled"
+ DI_EC2_STRICT_ID_DEFAULT = "true"
+ OVF_MATCH_STRING = "http://schemas.dmtf.org/ovf/environment/1"
+ 
+@@ -947,7 +947,7 @@ class TestDsIdentify(DsIdentifyBase):
+         data.update(
+             {
+                 "policy_dmi": POLICY_FOUND_OR_MAYBE,
+-                "policy_no_dmi": POLICY_FOUND_OR_MAYBE,
++                "policy_no_dmi": DI_DEFAULT_POLICY_NO_DMI,
+             }
+         )
+ 
+@@ -960,6 +960,8 @@ class TestDsIdentify(DsIdentifyBase):
+         (_, _, err, _, _) = self._check_via_dict(data, RC_NOT_FOUND)
+         self.assertIn("check for 'OpenStack' returned maybe", err)
+         self.assertIn("No ds found", err)
++        self.assertIn("Disabled cloud-init", err)
++        self.assertIn("returning 1", err)
+ 
+     def test_default_ovf_is_found(self):
+         """OVF is identified found when ovf/ovf-env.xml seed file exists."""
+diff --git a/tools/ds-identify b/tools/ds-identify
+index 5644b1e39..9bd9c9bbb 100755
+--- a/tools/ds-identify
++++ b/tools/ds-identify
+@@ -101,7 +101,7 @@ DI_MAIN=${DI_MAIN:-main}
+ DI_BLKID_EXPORT_OUT=""
+ DI_GEOM_LABEL_STATUS_OUT=""
+ DI_DEFAULT_POLICY="search,found=all,maybe=none,notfound=${DI_DISABLED}"
+-DI_DEFAULT_POLICY_NO_DMI="search,found=all,maybe=none,notfound=${DI_ENABLED}"
++DI_DEFAULT_POLICY_NO_DMI="search,found=all,maybe=none,notfound=${DI_DISABLED}"
+ DI_DMI_BOARD_NAME=""
+ DI_DMI_CHASSIS_ASSET_TAG=""
+ DI_DMI_PRODUCT_NAME=""
+-- 
+2.39.3
+

SPECS/cloud-init.spec

@@ -1,6 +1,6 @@
 Name:           cloud-init
 Version:        24.4
-Release:        4%{?dist}.alma.1
+Release:        7%{?dist}.alma.1
 Summary:        Cloud instance init scripts
 License:        ASL 2.0 or GPLv3
 URL:            http://launchpad.net/cloud-init
@@ -21,6 +21,15 @@ Patch7: ci-Use-log_with_downgradable_level-for-user-password-wa.patch
 Patch8: ci-downstream-set-deprecation-boundary-version.patch
 # For RHEL-76361 - [c9s] cloud-init remove 'NOZEROCONF=yes' from /etc/sysconfig/network
 Patch9: ci-net-sysconfig-do-not-remove-all-existing-settings-of.patch
+# For RHEL-81703 - DataSourceNoCloudNet network configuration is ineffective - c9s
+Patch10: ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch
+# For RHEL-88658 - Cloud-Init Backport Optimization Features on Alibaba Cloud
+Patch11: ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch
+# For RHEL-100615 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.7]
+Patch12: ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch
+# For RHEL-100615 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.7]
+Patch13: ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch
+Patch14: 0003-downstream-Retain-exit-code-in-cloud-init-status-for.patch
 
 # AlmaLinux Patch
 Patch3100: 0001-Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch
@@ -238,8 +247,27 @@ fi
 %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
 
 %changelog
-* Mon Mar 17 2025 Eduard Abdullin <eabdullin@almalinux.org> - 24.4-4.alma.1
-- 0001-Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch
+* Mon Sep 15 2025 Elkhan Mammadli <elkhan@almalinux.org> - 24.4-7.alma.1
+- Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch
+
+* Thu Jul 03 2025 Miroslav Rezanina <mrezanin@redhat.com> - 24.4-7
+- ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100615]
+- ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100615]
+- Fix missing patch [RHEL-101692]
+- Resolves: RHEL-100615
+  (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.7])
+- Resolves: RHEL-101692
+  (c9s dist-git missing patch "downstream: Retain exit code in cloud-init status for recoverable errors")
+
+* Wed May 14 2025 Jon Maloy <jmaloy@redhat.com> - 24.4-6
+- ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch [RHEL-88658]
+- Resolves: RHEL-88658
+  (Cloud-Init Backport Optimization Features on Alibaba Cloud)
+
+* Tue Mar 18 2025 Jon Maloy <jmaloy@redhat.com> - 24.4-5
+- ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch [RHEL-81703]
+- Resolves: RHEL-81703
+  (DataSourceNoCloudNet network configuration is ineffective - c9s)
 
 * Mon Feb 17 2025 Jon Maloy <jmaloy@redhat.com> - 24.4-4
 - ci-net-sysconfig-do-not-remove-all-existing-settings-of.patch [RHEL-76361]