Merge pull request from GHSA-gw5p-q8mj-p7gh

* x64: Fix an off-by-one in in `i64x2.shr_s`

This commit fixes a mistake from #6372 where one of the immediates to a
`pshufd` instruction was off-by-one in terms of bits. This fixes the
behavior of the wasm `i64x2.shr_s` instruction with constant shift
amounts larger than 32.

* Update release notes

* More release notes

RELEASES.md

@@ -1,5 +1,22 @@
 --------------------------------------------------------------------------------
 
+## 12.0.2
+
+Released 2023-09-14.
+
+### Fixed
+
+* [CVE-2023-41880] - Miscompilation of wasm `i64x2.shr_s` instruction with
+  constant input on x86\_64
+
+* Long chains of constant additions with optimizations disabled no longer stack
+  overflow on x86\_64.
+  [#6997](https://github.com/bytecodealliance/wasmtime/pull/6997)
+
+[CVE-2023-41880]: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh
+
+--------------------------------------------------------------------------------
+
 ## 12.0.1
 
 Released 2023-08-24

cranelift/codegen/src/isa/x64/lower.isle

@@ -833,7 +833,7 @@
           (high32 Xmm (x64_psrad vec (xmi_imm 31)))
           (high32 Xmm (x64_pshufd high32 0b11_10_11_01))
           (low32  Xmm (x64_psrad vec (xmi_imm (u32_sub imm 32))))
-          (low32  Xmm (x64_pshufd low32 0b11_10_10_01))
+          (low32  Xmm (x64_pshufd low32 0b11_10_11_01))
         )
         (x64_punpckldq low32 high32)))
 

cranelift/filetests/filetests/runtests/simd-sshr.clif

@@ -119,4 +119,6 @@ block0(v0: i64x2):
 ; run: %i64x2_sshr_const3([0x10000000000 0]) == [1 0]
 ; run: %i64x2_sshr_const3([-1 -1]) == [-1 -1]
 ; run: %i64x2_sshr_const3([0x8000000080000000 0x8000000080000000]) == [0xffffffffff800000 0xffffffffff800000]
+; run: %i64x2_sshr_const3([0x2424242424244424 0x8b1b1b1bffffff24]) == [0x242424 0xffffffffff8b1b1b]
+; run: %i64x2_sshr_const3([0x2424242424244424 0x1b1b1b1bffffff24]) == [0x242424 0x1b1b1b]