!334 Fix CVE-2024-57360, CVE-2025-0840

From: @fundawang Reviewed-by: @eastb233 Signed-off-by: @eastb233
fix CVE-2024-57360, CVE-2025-0840
2025-02-06 09:10:50 +00:00 · 2025-01-30 16:48:33 +08:00 · 2024-11-01 07:54:57 +00:00 · 2024-10-28 20:22:04 +08:00 · 2024-03-22 06:29:17 +00:00 · 2024-03-21 19:19:52 +08:00
53 changed files with 26105 additions and 79 deletions
--- a/AVX512-0001-x86-Add-int1-as-one-byte-opcode-0xf1.patch
+++ b/AVX512-0001-x86-Add-int1-as-one-byte-opcode-0xf1.patch
--- a/AVX512-0002-x86-drop-OP_Mask.patch
+++ b/AVX512-0002-x86-drop-OP_Mask.patch
--- a/AVX512-0003-x86-correct-VCVT-U-SI2SD-rounding-mode-handling.patch
+++ b/AVX512-0003-x86-correct-VCVT-U-SI2SD-rounding-mode-handling.patch
--- a/AVX512-0004-x86-64-generalize-OP_G-s-EVEX.R-handling.patch
+++ b/AVX512-0004-x86-64-generalize-OP_G-s-EVEX.R-handling.patch
--- a/AVX512-0005-x86-64-properly-bounds-check-bnd-N-in-OP_G.patch
+++ b/AVX512-0005-x86-64-properly-bounds-check-bnd-N-in-OP_G.patch
--- a/AVX512-0006-x86-fold-duplicate-register-printing-code.patch
+++ b/AVX512-0006-x86-fold-duplicate-register-printing-code.patch
--- a/AVX512-0007-x86-fold-duplicate-code-in-MOVSXD_Fixup.patch
+++ b/AVX512-0007-x86-fold-duplicate-code-in-MOVSXD_Fixup.patch
--- a/AVX512-0008-x86-correct-EVEX.V-handling-outside-of-64-bit-mode.patch
+++ b/AVX512-0008-x86-correct-EVEX.V-handling-outside-of-64-bit-mode.patch
--- a/AVX512-0009-x86-drop-vex_mode-and-vex_scalar_mode.patch
+++ b/AVX512-0009-x86-drop-vex_mode-and-vex_scalar_mode.patch
--- a/AVX512-0010-x86-fold-duplicate-vector-register-printing-code.patch
+++ b/AVX512-0010-x86-fold-duplicate-vector-register-printing-code.patch
--- a/AVX512-0011-x86-drop-xmm_m-b-w-d-q-_mode.patch
+++ b/AVX512-0011-x86-drop-xmm_m-b-w-d-q-_mode.patch
--- a/AVX512-0012-x86-drop-vex_scalar_w_dq_mode.patch
+++ b/AVX512-0012-x86-drop-vex_scalar_w_dq_mode.patch
--- a/AVX512-0013-x86-drop-dq-b-d-_mode.patch
+++ b/AVX512-0013-x86-drop-dq-b-d-_mode.patch
--- a/AVX512-0014-x86-express-unduly-set-rounding-control-bits-in-disa.patch
+++ b/AVX512-0014-x86-express-unduly-set-rounding-control-bits-in-disa.patch
--- a/AVX512-0015-x86-Simplify-check-for-distinct-TMM-register-operand.patch
+++ b/AVX512-0015-x86-Simplify-check-for-distinct-TMM-register-operand.patch
--- a/AVX512-0016-PATCH-1-2-Enable-Intel-AVX512_FP16-instructions.patch
+++ b/AVX512-0016-PATCH-1-2-Enable-Intel-AVX512_FP16-instructions.patch
--- a/AVX512-0017-PATCH-2-2-Add-tests-for-Intel-AVX512_FP16-instructio.patch
+++ b/AVX512-0017-PATCH-2-2-Add-tests-for-Intel-AVX512_FP16-instructio.patch
--- a/AVX512-0018-x86-ELF-fix-.tfloat-output.patch
+++ b/AVX512-0018-x86-ELF-fix-.tfloat-output.patch
--- a/AVX512-0019-x86-ELF-fix-.ds.x-output.patch
+++ b/AVX512-0019-x86-ELF-fix-.ds.x-output.patch
--- a/AVX512-0020-x86-ELF-fix-.tfloat-output-with-hex-input.patch
+++ b/AVX512-0020-x86-ELF-fix-.tfloat-output-with-hex-input.patch
--- a/AVX512-0021-x86-introduce-.hfloat-directive.patch
+++ b/AVX512-0021-x86-introduce-.hfloat-directive.patch
--- a/AVX512-0022-x86-Avoid-abort-on-invalid-broadcast.patch
+++ b/AVX512-0022-x86-Avoid-abort-on-invalid-broadcast.patch
--- a/AVX512-0023-x86-Put-back-3-aborts-in-OP_E_memory.patch
+++ b/AVX512-0023-x86-Put-back-3-aborts-in-OP_E_memory.patch
--- a/AVX512-0024-x86-Print-bad-on-invalid-broadcast-in-OP_E_memory.patch
+++ b/AVX512-0024-x86-Print-bad-on-invalid-broadcast-in-OP_E_memory.patch
--- a/AVX512-0025-x86-Terminate-mnemonicendp-in-swap_operand.patch
+++ b/AVX512-0025-x86-Terminate-mnemonicendp-in-swap_operand.patch
--- a/AVX512-0026-opcodes-Make-i386-dis.c-thread-safe.patch
+++ b/AVX512-0026-opcodes-Make-i386-dis.c-thread-safe.patch
--- a/AVX512-0027-x86-reduce-AVX512-FP16-set-of-insns-decoded-through-.patch
+++ b/AVX512-0027-x86-reduce-AVX512-FP16-set-of-insns-decoded-through-.patch
--- a/AVX512-0028-x86-reduce-AVX512-FP-set-of-insns-decoded-through-ve.patch
+++ b/AVX512-0028-x86-reduce-AVX512-FP-set-of-insns-decoded-through-ve.patch
--- a/AVX512-0029-x86-consistently-use-scalar_mode-for-AVX512-FP16-sca.patch
+++ b/AVX512-0029-x86-consistently-use-scalar_mode-for-AVX512-FP16-sca.patch
--- a/SME-0001-aarch64-SME-Add-sme-option-to-march.patch
+++ b/SME-0001-aarch64-SME-Add-sme-option-to-march.patch
@ -0,0 +1,139 @@
+From 90774538ff7755dcc12d997d52b76a484b8c68d2 Mon Sep 17 00:00:00 2001
+From: Przemyslaw Wirkus <przemyslaw.wirkus@arm.com>
+Date: Wed, 17 Nov 2021 19:02:54 +0000
+Subject: [PATCH 01/10] aarch64: [SME] Add +sme option to -march
+
+Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=57f02370a1e55bf09d3ede5ba6b2fcc78b40200a
+
+This series of patches (tagged [SME]) add support for the Scalable
+Matrix Extension. Patch introduces new command line options: +sme, +sme-f64 and
+sme-i64 to -march command line options.
+
+gas/ChangeLog:
+
+	* NEWS: Updated docs.
+	* config/tc-aarch64.c: New SME command line options.
+	* doc/c-aarch64.texi: Update docs.
+
+include/ChangeLog:
+
+	* opcode/aarch64.h (AARCH64_FEATURE_SME): New flag.
+	(AARCH64_FEATURE_SME_F64): New flag.
+	(AARCH64_FEATURE_SME_I64): New flag.
+
+opcodes/ChangeLog:
+
+	* aarch64-tbl.h (SME): New feature object.
+---
+ gas/NEWS                 |  2 ++
+ gas/config/tc-aarch64.c  | 11 +++++++++++
+ gas/doc/c-aarch64.texi   |  6 ++++++
+ include/opcode/aarch64.h |  3 +++
+ opcodes/aarch64-tbl.h    | 11 +++++++++++
+ 5 files changed, 33 insertions(+)
+
+diff --git a/gas/NEWS b/gas/NEWS
+index 9e24e4dd..0c5db3bf 100644
+--- a/gas/NEWS
+++ b/gas/NEWS
+@@ -2,6 +2,8 @@
+ 
+ * Add support for Intel AVX512_FP16 instructions.
+ 
+* Add support for Scalable Matrix Extension (SME) for AArch64.
+
+ Changes in 2.37:
+ 
+ * arm-symbianelf support removed.
+diff --git a/gas/config/tc-aarch64.c b/gas/config/tc-aarch64.c
+index 2eaad63a..f750fad4 100644
+--- a/gas/config/tc-aarch64.c
+++ b/gas/config/tc-aarch64.c
+@@ -9273,6 +9273,17 @@ static const struct aarch64_option_cpu_value_table aarch64_features[] = {
+ 					 | AARCH64_FEATURE_SHA3, 0)},
+   {"sve2-bitperm",	AARCH64_FEATURE (AARCH64_FEATURE_SVE2_BITPERM, 0),
+ 			AARCH64_FEATURE (AARCH64_FEATURE_SVE2, 0)},
+  {"sme",		AARCH64_FEATURE (AARCH64_FEATURE_SME, 0),
+			AARCH64_FEATURE (AARCH64_FEATURE_SVE2
+					 | AARCH64_FEATURE_BFLOAT16, 0)},
+  {"sme-f64",		AARCH64_FEATURE (AARCH64_FEATURE_SME_F64, 0),
+			AARCH64_FEATURE (AARCH64_FEATURE_SME
+					 | AARCH64_FEATURE_SVE2
+					 | AARCH64_FEATURE_BFLOAT16, 0)},
+  {"sme-i64",		AARCH64_FEATURE (AARCH64_FEATURE_SME_I64, 0),
+			AARCH64_FEATURE (AARCH64_FEATURE_SME
+					 | AARCH64_FEATURE_SVE2
+					 | AARCH64_FEATURE_BFLOAT16, 0)},
+   {"bf16",		AARCH64_FEATURE (AARCH64_FEATURE_BFLOAT16, 0),
+ 			AARCH64_ARCH_NONE},
+   {"i8mm",		AARCH64_FEATURE (AARCH64_FEATURE_I8MM, 0),
+diff --git a/gas/doc/c-aarch64.texi b/gas/doc/c-aarch64.texi
+index 79dce2f7..1bd93821 100644
+--- a/gas/doc/c-aarch64.texi
+++ b/gas/doc/c-aarch64.texi
+@@ -210,6 +210,12 @@ automatically cause those extensions to be disabled.
+  @tab Enable the Execution and Data and Prediction instructions.
+ @item @code{rng} @tab ARMv8.5-A @tab No
+  @tab Enable ARMv8.5-A random number instructions.
+@item @code{sme} @tab Armv9-A @tab No
+ @tab Enable SME Extension.
+@item @code{sme-f64} @tab Armv9-A @tab No
+ @tab Enable SME F64 Extension.
+@item @code{sme-i64} @tab Armv9-A @tab No
+ @tab Enable SME I64 Extension.
+ @item @code{ssbs} @tab ARMv8-A @tab ARMv8.5-A or later
+  @tab Enable Speculative Store Bypassing Safe state read and write.
+ @item @code{memtag} @tab ARMv8.5-A @tab No
+diff --git a/include/opcode/aarch64.h b/include/opcode/aarch64.h
+index 2bbd593c..7256028d 100644
+--- a/include/opcode/aarch64.h
+++ b/include/opcode/aarch64.h
+@@ -51,6 +51,7 @@ typedef uint32_t aarch64_insn;
+ #define AARCH64_FEATURE_V8_4	     (1ULL << 11) /* ARMv8.4 processors.  */
+ #define AARCH64_FEATURE_V8_R	     (1ULL << 12) /* Armv8-R processors.  */
+ #define AARCH64_FEATURE_V8_7	     (1ULL << 13) /* Armv8.7 processors.  */
+#define AARCH64_FEATURE_SME	     (1ULL << 14) /* Scalable Matrix Extension.  */
+ #define AARCH64_FEATURE_LS64	     (1ULL << 15) /* Atomic 64-byte load/store.  */
+ #define AARCH64_FEATURE_PAC	     (1ULL << 16) /* v8.3 Pointer Authentication.  */
+ #define AARCH64_FEATURE_FP	     (1ULL << 17) /* FP instructions.  */
+@@ -90,6 +91,8 @@ typedef uint32_t aarch64_insn;
+ #define AARCH64_FEATURE_F32MM	     (1ULL << 53)
+ #define AARCH64_FEATURE_F64MM	     (1ULL << 54)
+ #define AARCH64_FEATURE_FLAGM	     (1ULL << 55) /* v8.4 Flag Manipulation.  */
+#define AARCH64_FEATURE_SME_F64	     (1ULL << 57) /* SME F64.  */
+#define AARCH64_FEATURE_SME_I64	     (1ULL << 58) /* SME I64.  */
+ 
+ /* Crypto instructions are the combination of AES and SHA2.  */
+ #define AARCH64_FEATURE_CRYPTO	(AARCH64_FEATURE_SHA2 | AARCH64_FEATURE_AES)
+diff --git a/opcodes/aarch64-tbl.h b/opcodes/aarch64-tbl.h
+index 17ea851c..d63b0810 100644
+--- a/opcodes/aarch64-tbl.h
+++ b/opcodes/aarch64-tbl.h
+@@ -2401,6 +2401,14 @@ static const aarch64_feature_set aarch64_feature_sve2sm4 =
+   AARCH64_FEATURE (AARCH64_FEATURE_SVE2 | AARCH64_FEATURE_SVE2_SM4, 0);
+ static const aarch64_feature_set aarch64_feature_sve2bitperm =
+   AARCH64_FEATURE (AARCH64_FEATURE_SVE2 | AARCH64_FEATURE_SVE2_BITPERM, 0);
+static const aarch64_feature_set aarch64_feature_sme =
+  AARCH64_FEATURE (AARCH64_FEATURE_SVE2 | AARCH64_FEATURE_SME, 0);
+static const aarch64_feature_set aarch64_feature_sme_f64 =
+  AARCH64_FEATURE (AARCH64_FEATURE_SVE2 | AARCH64_FEATURE_SME
+       | AARCH64_FEATURE_SME_F64, 0);
+static const aarch64_feature_set aarch64_feature_sme_i64 =
+  AARCH64_FEATURE (AARCH64_FEATURE_SVE2 | AARCH64_FEATURE_SME
+       | AARCH64_FEATURE_SME_I64, 0);
+ static const aarch64_feature_set aarch64_feature_v8_6 =
+   AARCH64_FEATURE (AARCH64_FEATURE_V8_6, 0);
+ static const aarch64_feature_set aarch64_feature_v8_7 =
+@@ -2458,6 +2466,9 @@ static const aarch64_feature_set aarch64_feature_flagm =
+ #define SVE2_SHA3	&aarch64_feature_sve2sha3
+ #define SVE2_SM4		&aarch64_feature_sve2sm4
+ #define SVE2_BITPERM	&aarch64_feature_sve2bitperm
+#define SME		&aarch64_feature_sme
+#define SME_F64		&aarch64_feature_sme_f64
+#define SME_I64		&aarch64_feature_sme_i64
+ #define ARMV8_6		&aarch64_feature_v8_6
+ #define ARMV8_6_SVE		&aarch64_feature_v8_6
+ #define BFLOAT16_SVE	&aarch64_feature_bfloat16_sve
+-- 
+2.19.1
+
--- a/SME-0002-aarch64-SME-Add-SME-instructions.patch
+++ b/SME-0002-aarch64-SME-Add-SME-instructions.patch
--- a/SME-0003-aarch64-SME-Add-MOV-and-MOVA-instructions.patch
+++ b/SME-0003-aarch64-SME-Add-MOV-and-MOVA-instructions.patch
--- a/SME-0004-aarch64-SME-Add-ZERO-instruction.patch
+++ b/SME-0004-aarch64-SME-Add-ZERO-instruction.patch
--- a/SME-0005-aarch64-SME-Add-LD1x-ST1x-LDR-and-STR-instructions.patch
+++ b/SME-0005-aarch64-SME-Add-LD1x-ST1x-LDR-and-STR-instructions.patch
--- a/SME-0006-aarch64-SME-Add-SME-mode-selection-and-state-access-.patch
+++ b/SME-0006-aarch64-SME-Add-SME-mode-selection-and-state-access-.patch
--- a/SME-0007-aarch64-SME-Add-new-SME-system-registers.patch
+++ b/SME-0007-aarch64-SME-Add-new-SME-system-registers.patch
@ -0,0 +1,153 @@
+From dd79dd44a7e7ebc7533cfdb60f94fe2a4657ce27 Mon Sep 17 00:00:00 2001
+From: Przemyslaw Wirkus <przemyslaw.wirkus@arm.com>
+Date: Wed, 17 Nov 2021 20:20:50 +0000
+Subject: [PATCH 07/10] aarch64: [SME] Add new SME system registers
+
+Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=8f1bfdb44894423680a6d56a0994dafb4b82efca
+
+This patch is adding miscellaneous SME related system registers.
+
+gas/ChangeLog:
+
+	* testsuite/gas/aarch64/sme-sysreg.d: New test.
+	* testsuite/gas/aarch64/sme-sysreg.s: New test.
+	* testsuite/gas/aarch64/sme-sysreg-illegal.d: New test.
+	* testsuite/gas/aarch64/sme-sysreg-illegal.l: New test.
+	* testsuite/gas/aarch64/sme-sysreg-illegal.s: New test.
+
+opcodes/ChangeLog:
+
+	* aarch64-opc.c: New system registers id_aa64smfr0_el1,
+	smcr_el1, smcr_el12, smcr_el2, smcr_el3, smpri_el1,
+	smprimap_el2, smidr_el1, tpidr2_el0 and mpamsm_el1.
+---
+ .../gas/aarch64/sme-sysreg-illegal.d          |  3 ++
+ .../gas/aarch64/sme-sysreg-illegal.l          |  3 ++
+ .../gas/aarch64/sme-sysreg-illegal.s          |  3 ++
+ gas/testsuite/gas/aarch64/sme-sysreg.d        | 29 +++++++++++++++++++
+ gas/testsuite/gas/aarch64/sme-sysreg.s        | 23 +++++++++++++++
+ opcodes/aarch64-opc.c                         | 12 +++++++-
+ 6 files changed, 72 insertions(+), 1 deletion(-)
+ create mode 100644 gas/testsuite/gas/aarch64/sme-sysreg-illegal.d
+ create mode 100644 gas/testsuite/gas/aarch64/sme-sysreg-illegal.l
+ create mode 100644 gas/testsuite/gas/aarch64/sme-sysreg-illegal.s
+ create mode 100644 gas/testsuite/gas/aarch64/sme-sysreg.d
+ create mode 100644 gas/testsuite/gas/aarch64/sme-sysreg.s
+
+diff --git a/gas/testsuite/gas/aarch64/sme-sysreg-illegal.d b/gas/testsuite/gas/aarch64/sme-sysreg-illegal.d
+new file mode 100644
+index 00000000..ff0e855f
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/sme-sysreg-illegal.d
+@@ -0,0 +1,3 @@
+#as: -march=armv8-a+sme
+#source: sme-sysreg-illegal.s
+#warning_output: sme-sysreg-illegal.l
+diff --git a/gas/testsuite/gas/aarch64/sme-sysreg-illegal.l b/gas/testsuite/gas/aarch64/sme-sysreg-illegal.l
+new file mode 100644
+index 00000000..6baad135
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/sme-sysreg-illegal.l
+@@ -0,0 +1,3 @@
+[^:]*: Assembler messages:
+[^:]*:[0-9]+: Warning: specified register cannot be written to at operand 1 -- `msr id_aa64smfr0_el1,x0'
+[^:]*:[0-9]+: Warning: specified register cannot be written to at operand 1 -- `msr smidr_el1,x0'
+diff --git a/gas/testsuite/gas/aarch64/sme-sysreg-illegal.s b/gas/testsuite/gas/aarch64/sme-sysreg-illegal.s
+new file mode 100644
+index 00000000..057a6bf0
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/sme-sysreg-illegal.s
+@@ -0,0 +1,3 @@
+/* Write to r/o SME system registers.  */
+msr id_aa64smfr0_el1, x0
+msr smidr_el1, x0
+diff --git a/gas/testsuite/gas/aarch64/sme-sysreg.d b/gas/testsuite/gas/aarch64/sme-sysreg.d
+new file mode 100644
+index 00000000..8eaf73ca
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/sme-sysreg.d
+@@ -0,0 +1,29 @@
+#name: SME extension (system registers)
+#as: -march=armv8-a+sme
+#objdump: -dr
+
+.*:     file format .*
+
+Disassembly of section \.text:
+
+0+ <.*>:
+   0:	d53b4240 	mrs	x0, svcr
+   4:	d53804a0 	mrs	x0, id_aa64smfr0_el1
+   8:	d53812c0 	mrs	x0, smcr_el1
+   c:	d53d12c0 	mrs	x0, smcr_el12
+  10:	d53c12c0 	mrs	x0, smcr_el2
+  14:	d53e12c0 	mrs	x0, smcr_el3
+  18:	d5381280 	mrs	x0, smpri_el1
+  1c:	d53c12a0 	mrs	x0, smprimap_el2
+  20:	d53900c0 	mrs	x0, smidr_el1
+  24:	d53bd0a0 	mrs	x0, tpidr2_el0
+  28:	d538a560 	mrs	x0, mpamsm_el1
+  2c:	d51b4240 	msr	svcr, x0
+  30:	d51812c0 	msr	smcr_el1, x0
+  34:	d51d12c0 	msr	smcr_el12, x0
+  38:	d51c12c0 	msr	smcr_el2, x0
+  3c:	d51e12c0 	msr	smcr_el3, x0
+  40:	d5181280 	msr	smpri_el1, x0
+  44:	d51c12a0 	msr	smprimap_el2, x0
+  48:	d51bd0a0 	msr	tpidr2_el0, x0
+  4c:	d518a560 	msr	mpamsm_el1, x0
+diff --git a/gas/testsuite/gas/aarch64/sme-sysreg.s b/gas/testsuite/gas/aarch64/sme-sysreg.s
+new file mode 100644
+index 00000000..ce8a2942
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/sme-sysreg.s
+@@ -0,0 +1,23 @@
+/* Read SME system registers.  */
+mrs x0, svcr
+mrs x0, id_aa64smfr0_el1
+mrs x0, smcr_el1
+mrs x0, smcr_el12
+mrs x0, smcr_el2
+mrs x0, smcr_el3
+mrs x0, smpri_el1
+mrs x0, smprimap_el2
+mrs x0, smidr_el1
+mrs x0, tpidr2_el0
+mrs x0, mpamsm_el1
+
+/* Write to SME system registers.  */
+msr svcr, x0
+msr smcr_el1, x0
+msr smcr_el12, x0
+msr smcr_el2, x0
+msr smcr_el3, x0
+msr smpri_el1, x0
+msr smprimap_el2, x0
+msr tpidr2_el0, x0
+msr mpamsm_el1, x0
+diff --git a/opcodes/aarch64-opc.c b/opcodes/aarch64-opc.c
+index dba8bcba..923ddefe 100644
+--- a/opcodes/aarch64-opc.c
+++ b/opcodes/aarch64-opc.c
+@@ -4826,7 +4826,17 @@ const aarch64_sys_reg aarch64_sys_regs [] =
+   SR_CORE ("gpccr_el3",     CPENC (3,6,C2,C1,6), 0),
+   SR_CORE ("gptbr_el3",     CPENC (3,6,C2,C1,4), 0),
+ 
+-  SR_SME ("svcr",           CPENC (3,3,C4,C2,2), 0),
+  SR_SME ("svcr",             CPENC (3,3,C4,C2,2),  0),
+  SR_SME ("id_aa64smfr0_el1", CPENC (3,0,C0,C4,5),  F_REG_READ),
+  SR_SME ("smcr_el1",         CPENC (3,0,C1,C2,6),  0),
+  SR_SME ("smcr_el12",        CPENC (3,5,C1,C2,6),  0),
+  SR_SME ("smcr_el2",         CPENC (3,4,C1,C2,6),  0),
+  SR_SME ("smcr_el3",         CPENC (3,6,C1,C2,6),  0),
+  SR_SME ("smpri_el1",        CPENC (3,0,C1,C2,4),  0),
+  SR_SME ("smprimap_el2",     CPENC (3,4,C1,C2,5),  0),
+  SR_SME ("smidr_el1",        CPENC (3,1,C0,C0,6),  F_REG_READ),
+  SR_SME ("tpidr2_el0",       CPENC (3,3,C13,C0,5), 0),
+  SR_SME ("mpamsm_el1",       CPENC (3,0,C10,C5,3), 0),
+ 
+   { 0, CPENC (0,0,0,0,0), 0, 0 }
+ };
+-- 
+2.19.1
+
--- a/SME-0008-aarch64-SME-SVE2-instructions-added-to-support-SME.patch
+++ b/SME-0008-aarch64-SME-SVE2-instructions-added-to-support-SME.patch
--- a/SME-0009-aarch64-Check-for-register-aliases-before-mnemonics.patch
+++ b/SME-0009-aarch64-Check-for-register-aliases-before-mnemonics.patch
@ -0,0 +1,221 @@
+From e4afe464b120e181747b1108a23e0da2d16abd99 Mon Sep 17 00:00:00 2001
+From: Richard Sandiford <richard.sandiford@arm.com>
+Date: Tue, 30 Nov 2021 17:50:24 +0000
+Subject: [PATCH 09/10] aarch64: Check for register aliases before mnemonics
+
+Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=2dd3146b4ffcb8528a6e093741ba31636afdf8ae
+
+Previously we would not accept:
+
+	A .req B
+
+if A happened to be the name of an instruction.  Adding new
+instructions could therefore invalidate existing register aliases.
+
+I noticed this with a test that used "zero" as a register alias
+for "xzr", where "zero" is now also the name of an SME instruction.
+I don't have any evidence that "real" code is doing this, but it
+seems at least plausible.
+
+This patch switches things so that we check for register aliases
+first.  It might slow down parsing slightly, but the difference
+is unlikely to be noticeable.
+
+Things like:
+
+	b	.req + 0
+
+still work, since create_register_alias checks for " .req ",
+and with the input scrubber, we'll only keep whitespace after
+.req if it's followed by another name.  If there's some valid
+expression that I haven't thought about that is scrubbed to
+" .req ", users could avoid the ambiguity by wrapping .req
+in parentheses.
+
+The new test for invalid aliases already passed.  I just wanted
+something to exercise the !dot condition.
+
+I can't find a way of exercising the (existing) p == base condition,
+but I'm not brave enough to say that it can never happen.  If it does
+happen, get_mnemonic_name would return an empty string.
+
+gas/
+	* config/tc-aarch64.c (opcode_lookup): Move mnemonic extraction
+	code to...
+	(md_assemble): ...here.  Check for register aliases first.
+	* testsuite/gas/aarch64/register_aliases.d,
+	testsuite/gas/aarch64/register_aliases.s: Test for a register
+	alias called "zero".
+	* testsuite/gas/aarch64/register_aliases_invalid.d,
+	testsuite/gas/aarch64/register_aliases_invalid.l,
+	testsuite/gas/aarch64/register_aliases_invalid.s: New test.
+---
+ gas/config/tc-aarch64.c                       | 62 +++++++++----------
+ gas/testsuite/gas/aarch64/register_aliases.d  |  1 +
+ gas/testsuite/gas/aarch64/register_aliases.s  |  3 +-
+ .../gas/aarch64/register_aliases_invalid.d    |  1 +
+ .../gas/aarch64/register_aliases_invalid.l    |  3 +
+ .../gas/aarch64/register_aliases_invalid.s    |  2 +
+ 6 files changed, 38 insertions(+), 34 deletions(-)
+ create mode 100644 gas/testsuite/gas/aarch64/register_aliases_invalid.d
+ create mode 100644 gas/testsuite/gas/aarch64/register_aliases_invalid.l
+ create mode 100644 gas/testsuite/gas/aarch64/register_aliases_invalid.s
+
+diff --git a/gas/config/tc-aarch64.c b/gas/config/tc-aarch64.c
+index ea58d9b0..c9677edc 100644
+--- a/gas/config/tc-aarch64.c
+++ b/gas/config/tc-aarch64.c
+@@ -5786,25 +5786,18 @@ lookup_mnemonic (const char *start, int len)
+ }
+ 
+ /* Subroutine of md_assemble, responsible for looking up the primary
+-   opcode from the mnemonic the user wrote.  STR points to the
+-   beginning of the mnemonic. */
+   opcode from the mnemonic the user wrote.  BASE points to the beginning
+   of the mnemonic, DOT points to the first '.' within the mnemonic
+   (if any) and END points to the end of the mnemonic.  */
+ 
+ static templates *
+-opcode_lookup (char **str)
+opcode_lookup (char *base, char *dot, char *end)
+ {
+-  char *end, *base, *dot;
+   const aarch64_cond *cond;
+   char condname[16];
+   int len;
+ 
+-  /* Scan up to the end of the mnemonic, which must end in white space,
+-     '.', or end of string.  */
+-  dot = 0;
+-  for (base = end = *str; is_part_of_name(*end); end++)
+-    if (*end == '.' && !dot)
+-      dot = end;
+-
+-  if (end == base || dot == base)
+  if (dot == end)
+     return 0;
+ 
+   inst.cond = COND_ALWAYS;
+@@ -5813,23 +5806,13 @@ opcode_lookup (char **str)
+   if (dot)
+     {
+       cond = str_hash_find_n (aarch64_cond_hsh, dot + 1, end - dot - 1);
+-      if (cond)
+-	{
+-	  inst.cond = cond->value;
+-	  *str = end;
+-	}
+-      else
+-	{
+-	  *str = dot;
+-	  return 0;
+-	}
+      if (!cond)
+	return 0;
+      inst.cond = cond->value;
+       len = dot - base;
+     }
+   else
+-    {
+-      *str = end;
+-      len = end - base;
+-    }
+    len = end - base;
+ 
+   if (inst.cond == COND_ALWAYS)
+     {
+@@ -7918,7 +7901,6 @@ dump_opcode_operands (const aarch64_opcode *opcode)
+ void
+ md_assemble (char *str)
+ {
+-  char *p = str;
+   templates *template;
+   const aarch64_opcode *opcode;
+   aarch64_inst *inst_base;
+@@ -7941,14 +7923,28 @@ md_assemble (char *str)
+   DEBUG_TRACE ("==============================");
+   DEBUG_TRACE ("Enter md_assemble with %s", str);
+ 
+-  template = opcode_lookup (&p);
+  /* Scan up to the end of the mnemonic, which must end in whitespace,
+     '.', or end of string.  */
+  char *p = str;
+  char *dot = 0;
+  for (; is_part_of_name (*p); p++)
+    if (*p == '.' && !dot)
+      dot = p;
+
+  if (p == str)
+    {
+      as_bad (_("unknown mnemonic -- `%s'"), str);
+      return;
+    }
+
+  if (!dot && create_register_alias (str, p))
+    return;
+
+  template = opcode_lookup (str, dot, p);
+   if (!template)
+     {
+-      /* It wasn't an instruction, but it might be a register alias of
+-         the form alias .req reg directive.  */
+-      if (!create_register_alias (str, p))
+-	as_bad (_("unknown mnemonic `%s' -- `%s'"), get_mnemonic_name (str),
+-		str);
+      as_bad (_("unknown mnemonic `%s' -- `%s'"), get_mnemonic_name (str),
+	      str);
+       return;
+     }
+ 
+diff --git a/gas/testsuite/gas/aarch64/register_aliases.d b/gas/testsuite/gas/aarch64/register_aliases.d
+index eab63870..8d614b47 100644
+--- a/gas/testsuite/gas/aarch64/register_aliases.d
+++ b/gas/testsuite/gas/aarch64/register_aliases.d
+@@ -10,3 +10,4 @@ Disassembly of section \.text:
+    8:	f94003b1 	ldr	x17, \[x29\]
+    c:	f90003b0 	str	x16, \[x29\]
+   10:	f94003b1 	ldr	x17, \[x29\]
+  14:	f900001f 	str	xzr, \[x0\]
+diff --git a/gas/testsuite/gas/aarch64/register_aliases.s b/gas/testsuite/gas/aarch64/register_aliases.s
+index fcd06507..856be569 100644
+--- a/gas/testsuite/gas/aarch64/register_aliases.s
+++ b/gas/testsuite/gas/aarch64/register_aliases.s
+@@ -3,9 +3,10 @@
+ 	fp 	.req 	x29
+ 	ip0	.req 	x16
+ 	ip1	.req 	x17
+	zero	.req	xzr
+ 	add	ip0, ip0, lr
+ 	str 	ip0, [fp]
+ 	ldr	ip1, [fp]
+ 	str 	IP0, [fp]
+ 	ldr	IP1, [fp]
+-
+	str	zero, [x0]
+diff --git a/gas/testsuite/gas/aarch64/register_aliases_invalid.d b/gas/testsuite/gas/aarch64/register_aliases_invalid.d
+new file mode 100644
+index 00000000..7c453ce0
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/register_aliases_invalid.d
+@@ -0,0 +1 @@
+#error_output: register_aliases_invalid.l
+diff --git a/gas/testsuite/gas/aarch64/register_aliases_invalid.l b/gas/testsuite/gas/aarch64/register_aliases_invalid.l
+new file mode 100644
+index 00000000..6350049d
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/register_aliases_invalid.l
+@@ -0,0 +1,3 @@
+.*:
+.*: Error: unknown mnemonic `lr\.req' -- `lr\.req x30'
+.*: Error: unknown mnemonic `lr\.a' -- `lr\.a .req x30'
+diff --git a/gas/testsuite/gas/aarch64/register_aliases_invalid.s b/gas/testsuite/gas/aarch64/register_aliases_invalid.s
+new file mode 100644
+index 00000000..2df2eaab
+--- /dev/null
+++ b/gas/testsuite/gas/aarch64/register_aliases_invalid.s
+@@ -0,0 +1,2 @@
+lr.req 	x30
+lr.a	.req	x30
+-- 
+2.19.1
+
--- a/SME-0010-aarch64-Add-support-for-new-SME-instructions.patch
+++ b/SME-0010-aarch64-Add-support-for-new-SME-instructions.patch
--- a/backport-CVE-2019-1010204.patch
+++ b/backport-CVE-2019-1010204.patch
--- a/backport-CVE-2022-38533.patch
+++ b/backport-CVE-2022-38533.patch
@ -0,0 +1,33 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+
+	PR 29482
+	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+ 	rec = (bfd_byte *) location;
+ 	recend = rec + count;
+-	while (rec < recend)
+	while (recend - rec >= 4)
+ 	  {
+	    size_t len = bfd_get_32 (abfd, rec);
+	    if (len == 0 || len > (size_t) (recend - rec) / 4)
+	      break;
+	    rec += len * 4;
+ 	    ++section->lma;
+-	    rec += bfd_get_32 (abfd, rec) * 4;
+ 	  }
+ 
+ 	BFD_ASSERT (rec == recend);
+-- 
+2.39.3
--- a/backport-CVE-2022-47008.patch
+++ b/backport-CVE-2022-47008.patch
--- a/backport-CVE-2024-57630.patch
+++ b/backport-CVE-2024-57630.patch
@ -0,0 +1,71 @@
+From 5f8987d3999edb26e757115fe87be55787d510b9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Dec 2024 09:18:57 +0000
+Subject: [PATCH] nm: Avoid potential segmentation fault when displaying
+ symbols without version info.
+
+PR 32467
+---
+ binutils/nm.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/binutils/nm.c b/binutils/nm.c
+index faf27c59b4d..0ba7604d34f 100644
+--- a/binutils/nm.c
+++ b/binutils/nm.c
+@@ -682,7 +682,7 @@ print_symname (const char *form, struct extended_symbol_info *info,
+ 	       const char *name, bfd *abfd)
+ {
+   char *alloc = NULL;
+-  char *atver = NULL;
+  char *atname = NULL;
+ 
+   if (name == NULL)
+     name = info->sinfo->name;
+@@ -690,9 +690,19 @@ print_symname (const char *form, struct extended_symbol_info *info,
+   if (!with_symbol_versions
+       && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+     {
+-      atver = strchr (name, '@');
+      char *atver = strchr (name, '@');
+
+       if (atver)
+-	*atver = 0;
+	{
+	  /* PR 32467 - Corrupt binaries might include an @ character in a
+	     symbol name.  Since non-versioned symbol names can be in
+	     read-only memory (via memory mapping of a file's contents) we
+	     cannot just replace the @ character with a NUL.  Instead we
+	     create a truncated copy of the name.  */
+	  atname = xstrdup (name);
+	  atname [atver - name] = 0;
+	  name = atname;
+	}
+     }
+ 
+   if (do_demangle && *name)
+@@ -703,9 +713,7 @@ print_symname (const char *form, struct extended_symbol_info *info,
+     }
+ 
+   if (unicode_display != unicode_default)
+-    {
+-      name = convert_utf8 (name);
+-    }
+    name = convert_utf8 (name);
+ 
+   if (info != NULL && info->elfinfo && with_symbol_versions)
+     {
+@@ -726,8 +734,8 @@ print_symname (const char *form, struct extended_symbol_info *info,
+ 	}
+     }
+   printf (form, name);
+-  if (atver)
+-    *atver = '@';
+
+  free (atname);
+   free (alloc);
+ }
+ 
+-- 
+2.43.5
+
--- a/backport-CVE-2025-0840.patch
+++ b/backport-CVE-2025-0840.patch
@ -0,0 +1,53 @@
+From baac6c221e9d69335bf41366a1c7d87d8ab2f893 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 15 Jan 2025 19:13:43 +1030
+Subject: [PATCH] PR32560 stack-buffer-overflow at objdump disassemble_bytes
+
+There's always someone pushing the boundaries.
+
+	PR 32560
+	* objdump.c (MAX_INSN_WIDTH): Define.
+	(insn_width): Make it an unsigned long.
+	(disassemble_bytes): Use MAX_INSN_WIDTH to size buffer.
+	(main <OPTION_INSN_WIDTH>): Restrict size of insn_width.
+---
+ binutils/objdump.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index ecbe39e942e..80044dea580 100644
+--- a/binutils/objdump.c
+++ b/binutils/objdump.c
+@@ -109,7 +109,8 @@ static bool disassemble_all;		/* -D */
+ static int disassemble_zeroes;		/* --disassemble-zeroes */
+ static bool formats_info;		/* -i */
+ static int wide_output;			/* -w */
+-static int insn_width;			/* --insn-width */
+#define MAX_INSN_WIDTH 49
+static unsigned long insn_width;	/* --insn-width */
+ static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
+ static bfd_vma stop_address = (bfd_vma) -1;  /* --stop-address */
+ static int dump_debugging;		/* --debugging */
+@@ -2900,7 +2901,7 @@ disassemble_bytes (struct disassemble_info *inf,
+ 	}
+       else
+ 	{
+-	  char buf[50];
+	  char buf[MAX_INSN_WIDTH + 1];
+ 	  unsigned int bpc = 0;
+ 	  unsigned int pb = 0;
+ 
+@@ -5453,8 +5454,9 @@ main (int argc, char **argv)
+ 	  break;
+ 	case OPTION_INSN_WIDTH:
+ 	  insn_width = strtoul (optarg, NULL, 0);
+-	  if (insn_width <= 0)
+-	    fatal (_("error: instruction width must be positive"));
+	  if (insn_width - 1 >= MAX_INSN_WIDTH)
+	    fatal (_("error: instruction width must be in the range 1 to "
+		     XSTRING (MAX_INSN_WIDTH)));
+ 	  break;
+ 	case OPTION_INLINES:
+ 	  unwind_inlines = true;
+2.43.5
+
--- a/backport-Fix-a-potential-use-of-an-uninitialised-value-in-the.patch
+++ b/backport-Fix-a-potential-use-of-an-uninitialised-value-in-the.patch
--- a/backport-0001-PR28391-strip-objcopy-preserve-dates-.a-cannot-set-t.patch
+++ b/backport-0001-PR28391-strip-objcopy-preserve-dates-.a-cannot-set-t.patch
--- a/backport-bfd-Close-the-file-descriptor-if-there-is-no-archive.patch
+++ b/backport-bfd-Close-the-file-descriptor-if-there-is-no-archive.patch
--- a/backport-binutils-AArch64-EFI.patch
+++ b/backport-binutils-AArch64-EFI.patch
--- a/backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch
+++ b/backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch
@ -0,0 +1,51 @@
+From 0daea2d62ccdcf453d0885571aab1aca05bc847d Mon Sep 17 00:00:00 2001
+From: Nick Alcock <nick.alcock@oracle.com>
+Date: Mon, 29 Jul 2024 12:45:09 +0100
+Subject: [PATCH] libctf: fix ref leak of names of newly-inserted
+ non-root-visible types
+
+A bug in ctf_dtd_delete led to refs in the string table to the
+names of non-root-visible types not being removed when the DTD
+was.  This seems harmless, but actually it would lead to a write
+down a pointer into freed memory if such a type was ctf_rollback()ed
+over and then the dict was serialized (updating all the refs as the
+strtab was serialized in turn).
+
+Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62
+("libctf: create: non-root-visible types should not appear in name tables")
+which is included in binutils 2.35.
+
+libctf/
+	* ctf-create.c (ctf_dtd_delete): Remove refs for all types
+	with names, not just root-visible ones.
+
+Reference:https://github.com/bminor/binutils-gdb/commit/0daea2d62ccdcf453d0885571aab1aca05bc847d
+Conflict:NA
+
+---
+ libctf/ctf-create.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
+index 2d232d40..2a45192b 100644
+--- a/libctf/ctf-create.c
+++ b/libctf/ctf-create.c
+@@ -288,11 +288,11 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
+   dtd->dtd_vlen_alloc = 0;
+ 
+   if (dtd->dtd_data.ctt_name
+-      && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
+-      && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+      && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
+     {
+-      ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
+-			  name);
+      if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+	ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
+			    name);
+       ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
+     }
+ 
+-- 
+2.43.0
+
--- a/backport-0001-texi2pod.pl-add-no-op-no-split-option-support-PR2814.patch
+++ b/backport-0001-texi2pod.pl-add-no-op-no-split-option-support-PR2814.patch
--- a/binutils.spec
+++ b/binutils.spec
@ -1,7 +1,7 @@
 Summary: Binary utilities
 Name:    binutils
 Version: 2.37
-Release: 24
+Release: 29
 License: GPLv3+
 URL:     https://sourceware.org/binutils

@ -14,85 +14,108 @@ Source:  https://ftp.gnu.org/gnu/binutils/binutils-%{version}.tar.xz
 %bcond_with gold
 %endif

-Patch0:  binutils-2.20.51.0.2-libtool-lib64.patch
-Patch1:  export-demangle.h-in-devel-package.patch
-#BUZ:845084
-Patch2:  binutils-2.22.52.0.4-no-config-h-check.patch
-#BUG:1452111
-Patch3:  binutils-2.27-aarch64-ifunc.patch
+# OpenEuler Patch Naming Rules
+# https://gitee.com/openeuler/TC/blob/master/oEEP/oEEP-0012%20openEuler%E8%BD%AF%E4%BB%B6%E5%8C%85%E9%9D%9Eupstream%E6%94%AF%E6%8C%81%E5%A4%9A%E6%9E%B6%E6%9E%84%E4%BB%A3%E7%A0%81%E6%8F%90%E4%BA%A4%E8%A7%84%E5%88%99.md

-#PATCH-CVE-UPSTREAM
-Patch4:  CVE-2019-1010204.patch
+# Patch 3000 - 4999

-Patch5:  Fix-a-potential-use-of-an-uninitialised-value-in-the.patch
-Patch6:  backport-CVE-2021-45078.patch
-Patch7:  backport-0001-CVE-2021-42574.patch
-Patch8:  backport-0002-CVE-2021-42574.patch
-Patch9:  backport-0003-CVE-2021-42574.patch
-Patch10: bfd-Close-the-file-descriptor-if-there-is-no-archive.patch
-Patch11: binutils-AArch64-EFI.patch
-Patch12: backport-0001-PR28391-strip-objcopy-preserve-dates-.a-cannot-set-t.patch
+Patch3001: backport-CVE-2019-1010204.patch
+Patch3002: backport-Fix-a-potential-use-of-an-uninitialised-value-in-the.patch
+Patch3003: backport-CVE-2021-45078.patch
+Patch3004: backport-0001-CVE-2021-42574.patch
+Patch3005: backport-0002-CVE-2021-42574.patch
+Patch3006: backport-0003-CVE-2021-42574.patch
+Patch3007: backport-bfd-Close-the-file-descriptor-if-there-is-no-archive.patch
+Patch3008: backport-binutils-AArch64-EFI.patch
+Patch3009: backport-PR28391-strip-objcopy-preserve-dates-.a-cannot-set-t.patch

-Patch13: 0001-x86-Add-int1-as-one-byte-opcode-0xf1.patch
-Patch14: 0002-x86-drop-OP_Mask.patch
-Patch15: 0003-x86-correct-VCVT-U-SI2SD-rounding-mode-handling.patch
-Patch16: 0004-x86-64-generalize-OP_G-s-EVEX.R-handling.patch
-Patch17: 0005-x86-64-properly-bounds-check-bnd-N-in-OP_G.patch
-Patch18: 0006-x86-fold-duplicate-register-printing-code.patch
-Patch19: 0007-x86-fold-duplicate-code-in-MOVSXD_Fixup.patch
-Patch20: 0008-x86-correct-EVEX.V-handling-outside-of-64-bit-mode.patch
-Patch21: 0009-x86-drop-vex_mode-and-vex_scalar_mode.patch
-Patch22: 0010-x86-fold-duplicate-vector-register-printing-code.patch
-Patch23: 0011-x86-drop-xmm_m-b-w-d-q-_mode.patch
-Patch24: 0012-x86-drop-vex_scalar_w_dq_mode.patch
-Patch25: 0013-x86-drop-dq-b-d-_mode.patch
-Patch26: 0014-x86-express-unduly-set-rounding-control-bits-in-disa.patch
-Patch27: 0015-x86-Simplify-check-for-distinct-TMM-register-operand.patch
-Patch28: 0016-PATCH-1-2-Enable-Intel-AVX512_FP16-instructions.patch
-Patch29: 0017-PATCH-2-2-Add-tests-for-Intel-AVX512_FP16-instructio.patch
-Patch30: 0018-x86-ELF-fix-.tfloat-output.patch
-Patch31: 0019-x86-ELF-fix-.ds.x-output.patch
-Patch32: 0020-x86-ELF-fix-.tfloat-output-with-hex-input.patch
-Patch33: 0021-x86-introduce-.hfloat-directive.patch
-Patch34: 0022-x86-Avoid-abort-on-invalid-broadcast.patch
-Patch35: 0023-x86-Put-back-3-aborts-in-OP_E_memory.patch
-Patch36: 0024-x86-Print-bad-on-invalid-broadcast-in-OP_E_memory.patch
-Patch37: 0025-x86-Terminate-mnemonicendp-in-swap_operand.patch
-Patch38: 0026-opcodes-Make-i386-dis.c-thread-safe.patch
-Patch39: 0027-x86-reduce-AVX512-FP16-set-of-insns-decoded-through-.patch
-Patch40: 0028-x86-reduce-AVX512-FP-set-of-insns-decoded-through-ve.patch
-Patch41: 0029-x86-consistently-use-scalar_mode-for-AVX512-FP16-sca.patch
-Patch42: backport-CVE-2022-38126.patch
+# AVX512
+Patch3010: AVX512-0001-x86-Add-int1-as-one-byte-opcode-0xf1.patch
+Patch3011: AVX512-0002-x86-drop-OP_Mask.patch
+Patch3012: AVX512-0003-x86-correct-VCVT-U-SI2SD-rounding-mode-handling.patch
+Patch3013: AVX512-0004-x86-64-generalize-OP_G-s-EVEX.R-handling.patch
+Patch3014: AVX512-0005-x86-64-properly-bounds-check-bnd-N-in-OP_G.patch
+Patch3015: AVX512-0006-x86-fold-duplicate-register-printing-code.patch
+Patch3016: AVX512-0007-x86-fold-duplicate-code-in-MOVSXD_Fixup.patch
+Patch3017: AVX512-0008-x86-correct-EVEX.V-handling-outside-of-64-bit-mode.patch
+Patch3018: AVX512-0009-x86-drop-vex_mode-and-vex_scalar_mode.patch
+Patch3019: AVX512-0010-x86-fold-duplicate-vector-register-printing-code.patch
+Patch3020: AVX512-0011-x86-drop-xmm_m-b-w-d-q-_mode.patch
+Patch3021: AVX512-0012-x86-drop-vex_scalar_w_dq_mode.patch
+Patch3022: AVX512-0013-x86-drop-dq-b-d-_mode.patch
+Patch3023: AVX512-0014-x86-express-unduly-set-rounding-control-bits-in-disa.patch
+Patch3024: AVX512-0015-x86-Simplify-check-for-distinct-TMM-register-operand.patch
+Patch3025: AVX512-0016-PATCH-1-2-Enable-Intel-AVX512_FP16-instructions.patch
+Patch3026: AVX512-0017-PATCH-2-2-Add-tests-for-Intel-AVX512_FP16-instructio.patch
+Patch3027: AVX512-0018-x86-ELF-fix-.tfloat-output.patch
+Patch3028: AVX512-0019-x86-ELF-fix-.ds.x-output.patch
+Patch3029: AVX512-0020-x86-ELF-fix-.tfloat-output-with-hex-input.patch
+Patch3030: AVX512-0021-x86-introduce-.hfloat-directive.patch
+Patch3031: AVX512-0022-x86-Avoid-abort-on-invalid-broadcast.patch
+Patch3032: AVX512-0023-x86-Put-back-3-aborts-in-OP_E_memory.patch
+Patch3033: AVX512-0024-x86-Print-bad-on-invalid-broadcast-in-OP_E_memory.patch
+Patch3034: AVX512-0025-x86-Terminate-mnemonicendp-in-swap_operand.patch
+Patch3035: AVX512-0026-opcodes-Make-i386-dis.c-thread-safe.patch
+Patch3036: AVX512-0027-x86-reduce-AVX512-FP16-set-of-insns-decoded-through-.patch
+Patch3037: AVX512-0028-x86-reduce-AVX512-FP-set-of-insns-decoded-through-ve.patch
+Patch3038: AVX512-0029-x86-consistently-use-scalar_mode-for-AVX512-FP16-sca.patch

-Patch43: backport-0001-texi2pod.pl-add-no-op-no-split-option-support-PR2814.patch
+Patch3039: backport-CVE-2022-38126.patch
+Patch3040: backport-texi2pod.pl-add-no-op-no-split-option-support-PR2814.patch
+Patch3041: backport-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
+Patch3042: backport-Add-support-for-AArch64-EFI-efi-aarch64.patch
+Patch3043: backport-don-t-over-align-file-positions-of-PE-executable-sec.patch
+Patch3044: backport-PR28186-SEGV-elf.c-7991-30-in-_bfd_elf_fixup_group_sections.patch
+Patch3045: backport-PR28422-build_id-use-after-free.patch
+Patch3046: backport-PR28540-segmentation-fault-on-NULL-byte_get.patch
+Patch3047: backport-CVE-2022-47008.patch
+Patch3048: backport-CVE-2022-47011.patch
+Patch3049: backport-CVE-2022-47696.patch
+Patch3050: backport-CVE-2021-46174.patch
+Patch3051: backport-CVE-2023-1972.patch
+Patch3052: backport-CVE-2022-48064.patch
+Patch3053: backport-CVE-2022-4285.patch
+Patch3054: backport-CVE-2022-38533.patch

-Patch44: backport-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
-Patch45: backport-Add-support-for-AArch64-EFI-efi-aarch64.patch
-Patch46: backport-don-t-over-align-file-positions-of-PE-executable-sec.patch
-Patch47: backport-PR28186-SEGV-elf.c-7991-30-in-_bfd_elf_fixup_group_sections.patch
-Patch48: backport-PR28422-build_id-use-after-free.patch
-Patch49: backport-PR28540-segmentation-fault-on-NULL-byte_get.patch
-Patch50: Fix-gold-relocation-offset-and-adrp-signed-shife.patch
-Patch51: CVE-2022-47008.patch
-Patch52: backport-CVE-2022-47011.patch
-Patch53: backport-CVE-2022-47696.patch
-Patch54: backport-CVE-2021-46174.patch
-Patch55: backport-CVE-2023-1972.patch
-Patch56: backport-CVE-2022-48064.patch
-Patch57: backport-CVE-2022-4285.patch
+# SME
+Patch3055: SME-0001-aarch64-SME-Add-sme-option-to-march.patch
+Patch3056: SME-0002-aarch64-SME-Add-SME-instructions.patch
+Patch3057: SME-0003-aarch64-SME-Add-MOV-and-MOVA-instructions.patch
+Patch3058: SME-0004-aarch64-SME-Add-ZERO-instruction.patch
+Patch3059: SME-0005-aarch64-SME-Add-LD1x-ST1x-LDR-and-STR-instructions.patch
+Patch3060: SME-0006-aarch64-SME-Add-SME-mode-selection-and-state-access-.patch
+Patch3061: SME-0007-aarch64-SME-Add-new-SME-system-registers.patch
+Patch3062: SME-0008-aarch64-SME-SVE2-instructions-added-to-support-SME.patch
+Patch3063: SME-0009-aarch64-Check-for-register-aliases-before-mnemonics.patch
+Patch3064: SME-0010-aarch64-Add-support-for-new-SME-instructions.patch
+Patch3065: backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch
+Patch3066: backport-CVE-2024-57630.patch
+Patch3067: backport-CVE-2025-0840.patch

 %ifarch loongarch64
-# LoongArch-related patches start with Patch101
-Patch1000: LoongArch-binutils-Add-LoongArch-support.patch
-Patch1001: LoongArch-Fixup-unresolve-symbols-problem.patch
-Patch1002: LoongArch-Fix-PLT-entry-generate-bug.patch
-Patch1003: LoongArch-gas-add-support-using-constant-variable-in.patch
-Patch1004: LoongArch-Fixup-gas-check-illegal-for-b-label.patch
-Patch1005: LoongArch-Fixup-check-file-for-ifunc-reloc.patch
+# LoongArch
+Patch4001: LoongArch-binutils-Add-LoongArch-support.patch
+Patch4002: LoongArch-Fixup-unresolve-symbols-problem.patch
+Patch4003: LoongArch-Fix-PLT-entry-generate-bug.patch
+Patch4004: LoongArch-gas-add-support-using-constant-variable-in.patch
+Patch4005: LoongArch-Fixup-gas-check-illegal-for-b-label.patch
+Patch4006: LoongArch-Fixup-check-file-for-ifunc-reloc.patch
 %endif
+
+# Patch 5000 -
+
+Patch5001: binutils-2.20.51.0.2-libtool-lib64.patch
+Patch5002: export-demangle.h-in-devel-package.patch
+# BUZ:845084
+Patch5003: binutils-2.22.52.0.4-no-config-h-check.patch
+# BUG:1452111
+Patch5004: binutils-2.27-aarch64-ifunc.patch
+Patch5005: Fix-gold-relocation-offset-and-adrp-signed-shife.patch
+
 %ifarch sw_64
-Patch1006: 1006-add-sw_64-support-not-upstream-new-files.patch
-Patch1007: 1007-add-sw_64-support-not-upstream-modified-files.patch
+# sw_64
+Patch6001: sw_64-support-not-upstream-new-files.patch
+Patch6002: sw_64-support-not-upstream-modified-files.patch
 %endif

 Provides: bundled(libiberty)
@ -100,9 +123,9 @@ Provides: bundled(libiberty)
 Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

 BuildRequires: gcc, perl, sed, coreutils, dejagnu, zlib-devel, glibc-static, sharutils, bc, libstdc++-static
-BuildRequires: bison, m4, gcc-c++, gettext, flex, zlib-devel, texinfo >= 4.0, perl-podlators chrpath
-Requires(post): info coreutils chkconfig
-Requires(preun):info chkconfig
+BuildRequires: bison, m4, gcc-c++, gettext, flex, zlib-devel, texinfo >= 4.0, perl-podlators, chrpath
+Requires(post):  info coreutils chkconfig
+Requires(preun): info chkconfig

 %define _gnu %{nil}
 # The higher of these two numbers determines the default ld.
@ -178,12 +201,12 @@ touch */configure

 %build
 CARGS=
-case %{_target_platform} in i?86*|arm*|aarch64*|riscv64*|loongarch64*)
+case %{_target_platform} in i?86*|arm*|aarch64*|riscv64*|loongarch64*|ppc64le*)
  CARGS="$CARGS --enable-64-bit-bfd"
  ;;
 esac

-case %{_target_platform} in x86_64*|i?86*|aarch64*|riscv64*|loongarch64*)
+case %{_target_platform} in x86_64*|i?86*|aarch64*|riscv64*|loongarch64*|ppc64le*)
  CARGS="$CARGS --enable-targets=x86_64-pep --enable-relro=yes"
  ;;
 esac
@ -351,6 +374,24 @@ INPUT ( %{_libdir}/libopcodes.a -lbfd )
 EOF
 %endif

+%ifarch ppc64le
+tee %{buildroot}%{_libdir}/libbfd.so <<EOF
+/* GNU ld script */
+
+OUTPUT_FORMAT(elf64-littleppc64le)
+
+INPUT ( %{_libdir}/libbfd.a -liberty -lz -ldl )
+EOF
+
+tee %{buildroot}%{_libdir}/libopcodes.so <<EOF
+/* GNU ld script */
+
+OUTPUT_FORMAT(elf64-littleppc64le)
+
+INPUT ( %{_libdir}/libopcodes.a -lbfd )
+EOF
+%endif
+
 rm -f %{buildroot}%{_infodir}/dir
 rm -rf %{buildroot}%{_prefix}/%{_target_platform}

@ -426,6 +467,23 @@ fi
 %{_infodir}/bfd*info*

 %changelog
+* Sat Jan 25 2025 Funda Wang <fundawang@yeah.net> - 2.37-29
+- Fix CVE-2024-57360: nm: Avoid potential segmentation fault when displaying
+  symbols without version info.
+- Fix CVE-2025-0840: stack-buffer-overflow at objdump disassemble_bytes
+
+* Sat Oct 12 2024 liningjie <liningjie@xfusion.com> - 2.37-28
+- DESC:fix ref leak of names of newly-inserted non-root-visible types
+
+* Thu Mar 21 2024 peng.zou <peng.zou@shingroup.cn> - 2.37-27
+- add ppc64le support
+
+* Fri Mar 08 2024 eastb233 <xiezhiheng@huawei.com> - 2.37-26
+- Support AArch64 SME
+
+* Mon Dec 25 2023 luguangyang <luguangyang@xfusion.com> - 2.37-25
+- fix CVE-2022-38533
+
 * Thu Sep 07 2023 yeqinglong <yeqinglong@kylinsec.com.cn> - 2.37-24
 - DESC:Add sw_64 support
 - DESC:Add LoongArch support
@ -471,16 +529,16 @@ fi
 * Sat Oct 08 2022 Chenxi Mao <chenxi.mao@suse.com> - 2.37-12
 - Fix Aarch64 EFI PE section address overlap issue.

-* Fri Sep 02 2022 Wei, Qiang <qiang.wei@suse.com> - 2.37-11
+* Thu Sep 08 2022 Wei, Qiang <qiang.wei@suse.com> - 2.37-11
 - Fix man page empty issue

-* Thu Sep 8 2022 yinyongkang <yinyongkang@kylinos.cn> - 2.37-10
+* Thu Sep 08 2022 yinyongkang <yinyongkang@kylinos.cn> - 2.37-10
 - Type:CVE
 - ID:CVE-2022-38126
 - SUG:NA
 - DESC:Fix CVE-2022-38126

-* Tue Aug 11 2022 dingguangya <dingguangya1@huawei.com> - 2.37-9
+* Thu Aug 11 2022 dingguangya <dingguangya1@huawei.com> - 2.37-9
 - Type:requirements
 - ID:NA
 - SUG:NA
--- a/1007-add-sw_64-support-not-upstream-modified-files.patch
+++ b/1007-add-sw_64-support-not-upstream-modified-files.patch
--- a/1006-add-sw_64-support-not-upstream-new-files.patch
+++ b/1006-add-sw_64-support-not-upstream-new-files.patch
Author	SHA1	Message	Date
openeuler-ci-bot	fdfc184ec2	!334 Fix CVE-2024-57360, CVE-2025-0840 From: @fundawang Reviewed-by: @eastb233 Signed-off-by: @eastb233	2025-02-06 09:10:50 +00:00
Funda Wang	ba08166531	fix CVE-2024-57360, CVE-2025-0840	2025-01-30 16:48:33 +08:00
openeuler-ci-bot	a0b73aaaad	!304 fix ref leak of names of newly-inserted non-root-visible types From: @li_ning_jie Reviewed-by: @eastb233 Signed-off-by: @eastb233	2024-11-01 07:54:57 +00:00
liningjie	db471d0b85	fix ref leak of names of newly-inserted non-root-visible types	2024-10-28 20:22:04 +08:00
openeuler-ci-bot	bd383c3cef	!277 [sync] PR-274: add ppc64le support From: @openeuler-sync-bot Reviewed-by: @eastb233 Signed-off-by: @eastb233	2024-03-22 06:29:17 +00:00
邹鹏	42f18fe442	add ppc64le support (cherry picked from commit 67d9585cc588822ac69ef448c77807290c6ced72)	2024-03-21 19:19:52 +08:00
openeuler-ci-bot	f95db06a39	!272 AArch64: Support SME instructions From: @eastb233 Reviewed-by: @huang-xiaoquan, @cf-zhao Signed-off-by: @cf-zhao	2024-03-19 03:14:25 +00:00
eastb233	fa692b275d	AArch64: Support SME instructions	2024-03-08 15:24:34 +08:00
openeuler-ci-bot	51dd020ba4	!258 fix CVE-2022-38533 From: @lgylouis Reviewed-by: @eastb233 Signed-off-by: @eastb233	2024-01-03 07:39:22 +00:00
luguangyang	661946b7d3	[Backport]binutils:fix CVE-2022-38533 CVE:CVE-2022-38533 Reference:https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797 Type:CVE reason:fix CVE-2022-38533	2023-12-25 16:02:20 +08:00