diff --git a/chrony-4.1.tar.gz b/chrony-4.1.tar.gz
deleted file mode 100644
index c0397a797df20d39403379fcdcbc9769768e7b6c..0000000000000000000000000000000000000000
Binary files a/chrony-4.1.tar.gz and /dev/null differ
diff --git a/chrony-4.2.tar.gz b/chrony-4.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..42b76edbc3468f0571bd78a81e4c04986635247b
Binary files /dev/null and b/chrony-4.2.tar.gz differ
diff --git a/chrony-services.patch b/chrony-services.patch
new file mode 100644
index 0000000000000000000000000000000000000000..02929e2a7db05947ea819dcd1e9b890d0c8cc4ce
--- /dev/null
+++ b/chrony-services.patch
@@ -0,0 +1,21 @@
+diff -up chrony-4.2/examples/chronyd.service.services chrony-4.2/examples/chronyd.service
+--- chrony-4.2/examples/chronyd.service.services	2021-12-16 13:17:42.000000000 +0100
++++ chrony-4.2/examples/chronyd.service	2022-01-19 13:55:59.066677473 +0100
+@@ -32,8 +32,7 @@ ProtectKernelLogs=yes
+ ProtectKernelModules=yes
+ ProtectKernelTunables=yes
+ ProtectProc=invisible
+-ProtectSystem=strict
+-ReadWritePaths=/run /var/lib/chrony -/var/log
++ProtectSystem=full
+ RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+ RestrictNamespaces=yes
+ RestrictSUIDSGID=yes
+@@ -42,7 +41,6 @@ SystemCallFilter=~@cpu-emulation @debug
+ 
+ # Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
+ NoNewPrivileges=no
+-ReadWritePaths=-/var/spool
+ RestrictAddressFamilies=AF_NETLINK
+ 
+ [Install]
diff --git a/chrony.spec b/chrony.spec
index 8c908d5bfc4a1668078c29e2ccfcd8258f13e6cb..73f2b43ca110c200131e1987a26abe4dc1b8e5c7 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -1,7 +1,7 @@
-%global clknetsim_ver f89702
+%global clknetsim_ver 470b5e
 
 Name:      chrony
-Version:   4.1
+Version:   4.2
 Release:   1
 Summary:   An NTP client/server
 License:   GPLv2
@@ -12,6 +12,7 @@ Source1:   chrony.dhclient
 Source6:   https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
 
 Patch1:	   chrony-nm-dispatcher-dhcp.patch
+Patch2:      chrony-services.patch
 BuildRequires: gcc gcc-c++ bison systemd libcap-devel libedit-devel nettle-devel pps-tools-devel libseccomp-devel
 
 Requires:      shadow-utils systemd timedatex
@@ -135,6 +136,9 @@ fi
 %{_mandir}/man[158]/%{name}*.[158]*
 
 %changelog
+* Wed Jun 22 2022 qiaoyujie <qiaoyujie@kylinos.cn> - 4.2-1
+- Upgrade version to 4.2
+
 * Fri Jul 09 2021 gaihuiying <gaihuiying1@huawei.com> - 4.1-1
 - Type:requirement
 - Id:NA
diff --git a/clknetsim-470b5e.tar.gz b/clknetsim-470b5e.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..4bbf793573bbb443e8354ba2b15057ca0a76e21d
Binary files /dev/null and b/clknetsim-470b5e.tar.gz differ
diff --git a/clknetsim-f89702.tar.gz b/clknetsim-f89702.tar.gz
deleted file mode 100644
index 513ebd1b0c22978165e39d03a5acdcc7478f2701..0000000000000000000000000000000000000000
Binary files a/clknetsim-f89702.tar.gz and /dev/null differ