diff -Nru chrony-4.5/debian/changelog chrony-4.5/debian/changelog
--- chrony-4.5/debian/changelog 2024-01-02 02:45:01.000000000 -0600
+++ chrony-4.5/debian/changelog 2024-02-14 12:10:19.000000000 -0600
@@ -1,3 +1,9 @@
+chrony (4.5-1ubuntu2) UNRELEASED; urgency=medium
+
+ * Introduce "disallowname" configuration directive (LP #2048876)
+
+ -- Ankush Pathak Wed, 14 Feb 2024 12:10:19 -0600
+
 chrony (4.5-1ubuntu1) noble; urgency=medium
 
 * Merge with Debian unstable (LP: #2040371). Remaining changes:
diff -Nru chrony-4.5/debian/patches/lp-2048876-disallow-name-conf.patch chrony-4.5/debian/patches/lp-2048876-disallow-name-conf.patch
--- chrony-4.5/debian/patches/lp-2048876-disallow-name-conf.patch 1969-12-31 18:00:00.000000000 -0600
+++ chrony-4.5/debian/patches/lp-2048876-disallow-name-conf.patch 2024-02-14 12:08:46.000000000 -0600
@@ -0,0 +1,121 @@
+Index: chrony-4.5/conf.c
+Description: This changeset introduces a new configuration directive
+"disallowname". The source name specified under this directive will not be
+effective as a source even if it is specified through other source
+configuration. The location of the "disallowname" entry does not affect its
+enforcement. Meaning a source can be "disallowed" after or before the source
+entry appears in the configuration.
+===================================================================
+--- chrony-4.5.orig/conf.c
++++ chrony-4.5/conf.c
+@@ -66,6 +66,7 @@ static void parse_bindcmdaddress(char *)
+ static void parse_broadcast(char *);
+ static void parse_clientloglimit(char *);
+ static void parse_confdir(char *);
++static void parse_disallow_name(char *);
+ static void parse_fallbackdrift(char *);
+ static void parse_hwtimestamp(char *);
+ static void parse_include(char *);
+@@ -296,6 +297,8 @@ static ARR_Instance ntp_source_dirs;
+ /* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
+ static ARR_Instance ntp_source_ids;
+
++static ARR_Instance ntp_sources_disallow_list;
++
+ /* Array of RefclockParameters */
+ static ARR_Instance refclock_sources;
+
+@@ -395,6 +398,7 @@ CNF_Initialise(int r, int client_only)
+ ntp_sources = ARR_CreateInstance(sizeof (NTP_Source));
+ ntp_source_dirs = ARR_CreateInstance(sizeof (char *));
+ ntp_source_ids = ARR_CreateInstance(sizeof (uint32_t));
++ ntp_sources_disallow_list = ARR_CreateInstance(sizeof (char *));
+ refclock_sources = ARR_CreateInstance(sizeof (RefclockParameters));
+ broadcasts = ARR_CreateInstance(sizeof (NTP_Broadcast_Destination));
+
+@@ -440,6 +444,8 @@ CNF_Finalise(void)
+ Free(((NTP_Source *)ARR_GetElement(ntp_sources, i))->params.name);
+ for (i = 0; i < ARR_GetSize(ntp_source_dirs); i++)
+ Free(*(char **)ARR_GetElement(ntp_source_dirs, i));
++ for(i = 0; i < ARR_GetSize(ntp_sources_disallow_list); i++)
++ Free(*(char **) ARR_GetElement(ntp_sources_disallow_list, i));
+ for (i = 0; i < ARR_GetSize(refclock_sources); i++) {
+ Free(((RefclockParameters *)ARR_GetElement(refclock_sources, i))->driver_name);
+ Free(((RefclockParameters *)ARR_GetElement(refclock_sources, i))->driver_parameter);
+@@ -455,6 +461,7 @@ CNF_Finalise(void)
+ ARR_DestroyInstance(ntp_sources);
+ ARR_DestroyInstance(ntp_source_dirs);
+ ARR_DestroyInstance(ntp_source_ids);
++ ARR_DestroyInstance(ntp_sources_disallow_list);
+ ARR_DestroyInstance(refclock_sources);
+ ARR_DestroyInstance(broadcasts);
+
+@@ -594,6 +601,8 @@ CNF_ParseLine(const char *filename, int
+ parse_double(p, &correction_time_ratio);
+ } else if (!strcasecmp(command, "deny")) {
+ parse_allow_deny(p, ntp_restrictions, 0);
++ } else if(!strcasecmp(command, "disallowname")) {
++ parse_disallow_name(p);
+ } else if (!strcasecmp(command, "driftfile")) {
+ parse_string(p, &drift_file);
+ } else if (!strcasecmp(command, "dscp")) {
+@@ -791,6 +800,20 @@ parse_null(char *line)
+ return 1;
+ }
+
++static int
++is_source_disallowed(const void *s)
++{
++ const NTP_Source *source = s;
++ int i,d;
++
++ for(i = 0; i < ARR_GetSize(ntp_sources_disallow_list); i++) {
++ char *disallowed_name = *((char **)ARR_GetElement(ntp_sources_disallow_list, i));
++ if ((d = strcmp(source->params.name, disallowed_name)) == 0)
++ return 1;
++ }
++ return 0;
++}
++
+ /* ================================================== */
+
+ static void
+@@ -823,7 +846,23 @@ parse_source(char *line, char *type, int
+ }
+
+ source.params.name = Strdup(source.params.name);
+- ARR_AppendElement(ntp_sources, &source);
++ if(!is_source_disallowed(&source))
++ ARR_AppendElement(ntp_sources, &source);
++}
++
++
++static void remove_disallowed_sources()
++{
++ NTP_Source *ntp_source;
++ int i;
++ for(i = 0; i < ARR_GetSize(ntp_sources);) {
++ ntp_source = ARR_GetElement(ntp_sources, i);
++ if (is_source_disallowed(ntp_source))
++ ARR_RemoveElement(ntp_sources, i);
++ else
++ i++;
++ }
++
+ }
+
+ /* ================================================== */
+@@ -1590,6 +1629,13 @@ parse_confdir(char *line)
+ command_parse_error();
+ }
+
++static void parse_disallow_name(char *line)
++{
++ check_number_of_args(line, 1);
++ char *server_name = Strdup(line);
++ ARR_AppendElement(ntp_sources_disallow_list, &server_name);
++ remove_disallowed_sources();
++}
+ /* ================================================== */
+
+ static void
diff -Nru chrony-4.5/debian/patches/series chrony-4.5/debian/patches/series
--- chrony-4.5/debian/patches/series 2024-01-02 02:45:01.000000000 -0600
+++ chrony-4.5/debian/patches/series 2024-02-14 11:25:54.000000000 -0600
@@ -1,2 +1,3 @@
 debianize-chronyd-restricted-unit-file.patch
 nm-dispatcher-dhcp_Move-server_dir-to-run.patch
+lp-2048876-disallow-name-conf.patch
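Review bot: In the lp-2048876 patch, `is_source_disallowed` compares names with a case-sensitive `strcmp`, so a `disallowname` entry does not block the same host written with different letter case, even though host names are case-insensitive and the directive keyword itself is matched with `strcasecmp`. The comparison should use `strcasecmp`, and the unused `d` can go. Even then the match is purely textual against `params.name`, so the same server configured by address or under another alias is not covered; that limit belongs in the description of the directive. Rejected entries also leak their name: `parse_source` keeps the `Strdup`'d copy when it skips the append, and `remove_disallowed_sources` drops elements without freeing `params.name`, while `CNF_Finalise` frees only the names still in `ntp_sources`. `parse_source` and `CNF_Finalise` begin outside their hunks, so only the rewritten lines are shown.

```c
/* is_source_disallowed: host names compare case-insensitively */
  int i;
  /* … unchanged: loop over ntp_sources_disallow_list … */
    if (strcasecmp(source->params.name, disallowed_name) == 0)
      return 1;

/* parse_source: release the copied name when the source is rejected */
  source.params.name = Strdup(source.params.name);
  if (is_source_disallowed(&source))
    Free(source.params.name);
  else
    ARR_AppendElement(ntp_sources, &source);

/* remove_disallowed_sources: free the name before dropping the element */
    if (is_source_disallowed(ntp_source)) {
      Free(ntp_source->params.name);
      ARR_RemoveElement(ntp_sources, i);
    } else {
      i++;
    }
```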