diff --git a/backport-ntpd-abort-if-fail-to-drop-root.patch b/backport-ntpd-abort-if-fail-to-drop-root.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bdcda56dfe742dcc7cb2c421e457bcd86c6bb0ec
--- /dev/null
+++ b/backport-ntpd-abort-if-fail-to-drop-root.patch
@@ -0,0 +1,162 @@
+Conflict:NA
+Reference:https://bugs.ntp.org/attachment.cgi?id=1880
+
+diff -Nru a/ntpd/ntpd.c b/ntpd/ntpd.c
+--- a/ntpd/ntpd.c	2024-01-22 05:23:37 +0000
++++ b/ntpd/ntpd.c	2024-01-22 05:23:37 +0000
+@@ -204,10 +204,6 @@
+ int mdnstries = 5;
+ #endif  /* HAVE_DNSREGISTRATION */
+ 
+-#ifdef HAVE_LINUX_CAPABILITIES
+-int have_caps;		/* runtime check whether capabilities work */
+-#endif /* HAVE_LINUX_CAPABILITIES */
+-
+ #ifdef HAVE_DROPROOT
+ int droproot;
+ int root_dropped;
+@@ -813,8 +809,8 @@
+ #ifndef SIM
+ int
+ ntpdmain(
+-	int argc,
+-	char *argv[]
++	int	argc,
++	char *	argv[]
+ 	)
+ {
+ 	l_fp		now;
+@@ -837,7 +833,7 @@
+ # ifdef NEED_PTHREAD_WARMUP
+ 	my_pthread_warmup();
+ # endif
+-	
++
+ # ifdef HAVE_UMASK
+ 	uv = umask(0);
+ 	if (uv)
+@@ -861,9 +857,9 @@
+ # ifdef DEBUG
+ 	    || debug
+ # endif
+-	    || HAVE_OPT(SAVECONFIGQUIT))
++	    || HAVE_OPT(SAVECONFIGQUIT)) {
+ 		nofork = TRUE;
+-
++	}
+ 	init_logging(progname, NLOG_SYNCMASK, TRUE);
+ 	/* honor -l/--logfile option to log to a file */
+ 	if (HAVE_OPT(LOGFILE)) {
+@@ -931,32 +927,33 @@
+ 	}
+ # endif
+ 
+-/*
+- * Enable the Multi-Media Timer for Windows?
+- */
++	/*
++	 * Enable the Multi-Media Timer for Windows?
++	 */
+ # ifdef SYS_WINNT
+-	if (HAVE_OPT( MODIFYMMTIMER ))
++	if (HAVE_OPT(MODIFYMMTIMER)) {
+ 		set_mm_timer(MM_TIMER_HIRES);
++	}
+ # endif
+ 
+ #ifdef HAVE_DNSREGISTRATION
+-/*
+- * Enable mDNS registrations?
+- */
++	/*
++	 * Enable mDNS registrations?
++	 */
+ 	if (HAVE_OPT( MDNS )) {
+ 		mdnsreg = TRUE;
+ 	}
+ #endif  /* HAVE_DNSREGISTRATION */
+ 
+-	if (HAVE_OPT( NOVIRTUALIPS ))
++	if (HAVE_OPT(NOVIRTUALIPS)) {
+ 		listen_to_virtual_ips = 0;
+-
++	}
+ 	/*
+ 	 * --interface, listen on specified interfaces
+ 	 */
+ 	if (HAVE_OPT( INTERFACE )) {
+ 		int		ifacect = STACKCT_OPT( INTERFACE );
+-		const char**	ifaces  = STACKLST_OPT( INTERFACE );
++		const char **	ifaces = STACKLST_OPT( INTERFACE );
+ 		sockaddr_u	addr;
+ 
+ 		while (ifacect-- > 0) {
+@@ -969,9 +966,9 @@
+ 		}
+ 	}
+ 
+-	if (HAVE_OPT( NICE ))
++	if (HAVE_OPT(NICE)) {
+ 		priority_done = 0;
+-
++	}
+ # ifdef HAVE_SCHED_SETSCHEDULER
+ 	if (HAVE_OPT( PRIORITY )) {
+ 		config_priority = OPT_VALUE_PRIORITY;
+@@ -1036,7 +1033,7 @@
+ 	 * on the base CPU than the other CPUs (for multiprocessor systems),
+ 	 * so we must lock to the base CPU.
+ 	 */
+-	fd = open("/dev/at1", O_RDONLY);		
++	fd = open("/dev/at1", O_RDONLY);
+ 	if (fd >= 0) {
+ 		zero = 0;
+ 		if (ioctl(fd, ACPU_LOCK, &zero) < 0)
+@@ -1144,7 +1141,7 @@
+ #  ifdef RLIMIT_MEMLOCK
+ 		    && -1 != DFLT_RLIMIT_MEMLOCK
+ #  endif
+-		    && 0 != mlockall(MCL_CURRENT|MCL_FUTURE))
++		    && 0 != mlockall(MCL_CURRENT | MCL_FUTURE))
+ 			msyslog(LOG_ERR, "mlockall(): %m");
+ # else	/* !HAVE_MLOCKALL follows */
+ #  ifdef HAVE_PLOCK
+@@ -1174,28 +1171,30 @@
+ 	initializing = FALSE;
+ 
+ # ifdef HAVE_LINUX_CAPABILITIES
+-	{
++	if (droproot) {
++		int	have_caps;
++		cap_t	caps;
++
+ 		/*  Check that setting capabilities actually works; we might be
+ 		 *  run on a kernel with disabled capabilities. We must not
+ 		 *  drop privileges in this case.
+ 		 */
+-		cap_t caps;
+ 		caps = cap_from_text("cap_sys_time,cap_setuid,cap_setgid,cap_sys_chroot,cap_net_bind_service=pe");
+-		if ( ! caps) {
+-			msyslog( LOG_ERR, "cap_from_text() failed: %m" );
++		if (!caps) {
++			msyslog(LOG_ERR, "cap_from_text() failed: %m");
+ 			exit(-1);
+ 		}
+ 		have_caps = (cap_set_proc(caps) == 0);
+ 		cap_free(caps);	/* caps not NULL here! */
++		if (!have_caps) {
++			msyslog(LOG_ERR, ("Fatal: unable to drop root privs: %m"));
++			exit(-1);
++		}
+ 	}
+ # endif /* HAVE_LINUX_CAPABILITIES */
+ 
+ # ifdef HAVE_DROPROOT
+-#  ifdef HAVE_LINUX_CAPABILITIES
+-	if (droproot && have_caps) {
+-#  else
+ 	if (droproot) {
+-#  endif /*HAVE_LINUX_CAPABILITIES*/
+ 
+ #  ifdef NEED_EARLY_FORK
+ 		fork_nonchroot_worker();
diff --git a/ntp.spec b/ntp.spec
index 660ade432f5999b12290e30db38f0dda23161a50..384f1ee93594c94569031c795853e27bef68a5e2 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -2,7 +2,7 @@
 
 Name:                  ntp
 Version:               4.2.8p15
-Release:               13
+Release:               14
 Summary:               A protocol designed to synchronize the clocks of computers over a network
 License:               MIT and BSD and BSD with advertising
 URL:                   https://www.ntp.org/
@@ -29,6 +29,7 @@ Patch6:                fix-MD5-manpage.patch
 Patch7:                backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
 Patch8:                backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch
 Patch9:                backport-add-NULL-pointer-check-when-ntpd-deletes-the-last-interface.patch
+Patch10:               backport-ntpd-abort-if-fail-to-drop-root.patch
 
 BuildRequires:	       libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
 BuildRequires:         autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser libtool
@@ -214,7 +215,13 @@ make check
 %{_mandir}/man8/*.8*
 
 %changelog
-* Fri Nov 24 2023 chengyechun <chengyehcun1@huawei.com> - 4.2.8p15-13
+* Tue Jan 23 2024 chengyechun <chengyechun1@huawei.com> - 4.2.8p15-14
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:linux-only change to abort if ntpd can not drop root
+
+* Fri Nov 24 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p15-13
 - Type:bugfix
 - ID:NA
 - SUG:NA