diff --git a/hw-arm-expose-host-CPU-frequency-info-to-guest.patch b/hw-arm-expose-host-CPU-frequency-info-to-guest.patch
index 17c4eb399c5af0a2c6c3c918c49a7550f7ce6fc1..f0093812ed61e769afec350993e0298a4c5f9e10 100644
--- a/hw-arm-expose-host-CPU-frequency-info-to-guest.patch
+++ b/hw-arm-expose-host-CPU-frequency-info-to-guest.patch
@@ -54,7 +54,7 @@ index 9bb2101e..1a720c38 100644
  common-obj-$(CONFIG_ACPI_PCI) += pci.o
  common-obj-$(CONFIG_TPM) += tpm.o
 +common-obj-$(CONFIG_CPUFREQ) += cpufreq.o
-
+ 
  common-obj-$(CONFIG_IPMI) += ipmi.o
  common-obj-$(call lnot,$(CONFIG_IPMI)) += ipmi-stub.o
 diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
@@ -64,7 +64,7 @@ index 555c24f2..73f97751 100644
 @@ -1369,6 +1369,28 @@ Aml *aml_sleep(uint64_t msec)
      return var;
  }
-
+ 
 +/* ACPI 5.0b: 6.4.3.7 Generic Register Descriptor */
 +Aml *aml_generic_register(AmlRegionSpace rs, uint8_t reg_width,
 +                          uint8_t reg_offset, AmlAccessType type, uint64_t addr)
@@ -392,10 +392,10 @@ index 0afb3727..29494ebd 100644
  #include "sysemu/numa.h"
  #include "kvm_arm.h"
 +#include "hw/acpi/acpi-defs.h"
-
+ 
  #define ARM_SPI_BASE 32
  #define ACPI_POWER_BUTTON_DEVICE "PWRB"
-
+ 
 -static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
 +static void acpi_dsdt_add_psd(Aml *dev, int cpus)
 +{
@@ -461,7 +461,7 @@ index 0afb3727..29494ebd 100644
 +                               const MemMapEntry *cppc_memmap)
  {
      uint16_t i;
-
+ 
 @@ -57,6 +119,18 @@ static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
          Aml *dev = aml_device("C%.03X", i);
          aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007")));
@@ -505,7 +505,7 @@ index d9496c93..0fa355ba 100644
 @@ -731,6 +732,16 @@ static void create_uart(const VirtMachineState *vms, qemu_irq *pic, int uart,
      g_free(nodename);
  }
-
+ 
 +static void create_cpufreq(const VirtMachineState *vms, MemoryRegion *mem)
 +{
 +    hwaddr base = vms->memmap[VIRT_CPUFREQ].base;
@@ -520,9 +520,9 @@ index d9496c93..0fa355ba 100644
  {
      char *nodename;
 @@ -1682,6 +1693,8 @@ static void machvirt_init(MachineState *machine)
-
+ 
      create_uart(vms, pic, VIRT_UART, sysmem, serial_hd(0));
-
+ 
 +    create_cpufreq(vms, sysmem);
 +
      if (vms->secure) {
@@ -533,7 +533,7 @@ index 40e7a8b8..2f61bf53 100644
 --- a/hw/char/Kconfig
 +++ b/hw/char/Kconfig
 @@ -46,3 +46,7 @@ config SCLPCONSOLE
-
+ 
  config TERMINAL3270
      bool
 +
@@ -547,7 +547,7 @@ index 57a3f58b..39ae91d3 100644
 @@ -634,4 +634,42 @@ struct AcpiIortRC {
  } QEMU_PACKED;
  typedef struct AcpiIortRC AcpiIortRC;
-
+ 
 +/*
 + * CPPC register definition from kernel header
 + * include/acpi/cppc_acpi.h
@@ -598,7 +598,7 @@ index 1a563ad7..375335ab 100644
 +Aml *aml_generic_register(AmlRegionSpace rs, uint8_t reg_width,
 +                          uint8_t reg_offset, AmlAccessType type,
 +                          uint64_t addr);
-
+ 
  /* Block AML object primitives */
  Aml *aml_scope(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
 diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
@@ -613,5 +613,6 @@ index a7209420..43a6ce91 100644
      VIRT_MMIO,
      VIRT_RTC,
      VIRT_FW_CFG,
---
-2.19.1
+-- 
+2.23.0
+
diff --git a/qemu.spec b/qemu.spec
index 579f5c2b398af50732c3447beb48e3995bd88f8e..97165d8c9c7d450dfb078b6c39e09498860718dd 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 13
+Release: 14
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY
@@ -174,6 +174,7 @@ Patch0161: hw-arm-virt-add-missing-compat-for-kvm-no-adjvtime.patch
 Patch0162: migration-Compat-virtual-timer-adjust-for-v4.0.1-and.patch
 Patch0163: vtimer-Drop-vtimer-virtual-timer-adjust.patch
 Patch0164: target-arm-Add-the-kvm_adjvtime-vcpu-property-for-Co.patch
+Patch0165: target-arm-Fix-PAuth-sbox-functions.patch
 
 BuildRequires: flex
 BuildRequires: bison
@@ -519,7 +520,11 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
-* Fri May 29 Huawei Technologies Co., Ltd <fangying1@huawei.com>
+* Sat Jun 20 2020 Huawei Technologies Co., Ltd <zhang.zhanghailiang@huawei.com>
+- target/arm: Fix PAuth sbox functions
+- fix two patches' format which can cause git am failed
+
+* Fri May 29 2020 Huawei Technologies Co., Ltd <fangying1@huawei.com>
 - target/arm: Add the kvm_adjvtime vcpu property for Cortex-A72
 
 * Wed May 27 2020 Huawei Technologies Co., Ltd. <fangying1@huawei.com>
diff --git a/target-arm-Fix-PAuth-sbox-functions.patch b/target-arm-Fix-PAuth-sbox-functions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ac8d05065f766eb8ca90cd00de6a60350c2306c3
--- /dev/null
+++ b/target-arm-Fix-PAuth-sbox-functions.patch
@@ -0,0 +1,49 @@
+From a7149fc18020c3d432c31838069dcfcb745299bf Mon Sep 17 00:00:00 2001
+From: zhanghailiang <zhang.zhanghailiang@huawei.com>
+Date: Sat, 20 Jun 2020 12:01:30 +0800
+Subject: [PATCH] target/arm: Fix PAuth sbox functions
+
+In the PAC computation, sbox was applied over wrong bits.
+As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16.
+
+Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was
+used to verify one computation of the pauth_computepac() function which
+uses sbox2.
+
+Launchpad: https://bugs.launchpad.net/bugs/1859713
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Vincent DEHORS <vincent.dehors@smile.fr>
+Signed-off-by: Adrien GRASSEIN <adrien.grassein@smile.fr>
+Message-id: 20200116230809.19078-2-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
+---
+ target/arm/pauth_helper.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
+index d3194f20..0a5f41e1 100644
+--- a/target/arm/pauth_helper.c
++++ b/target/arm/pauth_helper.c
+@@ -89,7 +89,7 @@ static uint64_t pac_sub(uint64_t i)
+     uint64_t o = 0;
+     int b;
+ 
+-    for (b = 0; b < 64; b += 16) {
++    for (b = 0; b < 64; b += 4) {
+         o |= (uint64_t)sub[(i >> b) & 0xf] << b;
+     }
+     return o;
+@@ -104,7 +104,7 @@ static uint64_t pac_inv_sub(uint64_t i)
+     uint64_t o = 0;
+     int b;
+ 
+-    for (b = 0; b < 64; b += 16) {
++    for (b = 0; b < 64; b += 4) {
+         o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
+     }
+     return o;
+-- 
+2.23.0
+
diff --git a/tests-bios-tables-test-disable-this-testcase.patch b/tests-bios-tables-test-disable-this-testcase.patch
index 2e57c6faf8142d33077c29375682b5c915b04265..993fee935546735c16bfe9a30ff856ac135f4d53 100644
--- a/tests-bios-tables-test-disable-this-testcase.patch
+++ b/tests-bios-tables-test-disable-this-testcase.patch
@@ -33,7 +33,7 @@ index fd7fdb86..d8cf00c1 100644
 -check-qtest-aarch64-y += tests/bios-tables-test$(EXESUF)
 +#check-qtest-aarch64-y += tests/bios-tables-test$(EXESUF)
  endif
-
+ 
  check-qtest-microblazeel-y += $(check-qtest-microblaze-y)
 @@ -783,7 +783,7 @@ tests/ipmi-bt-test$(EXESUF): tests/ipmi-bt-test.o
  tests/hd-geo-test$(EXESUF): tests/hd-geo-test.o
@@ -41,8 +41,8 @@ index fd7fdb86..d8cf00c1 100644
  tests/boot-serial-test$(EXESUF): tests/boot-serial-test.o $(libqos-obj-y)
 -tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \
 +#tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \
-	tests/boot-sector.o tests/acpi-utils.o $(libqos-obj-y)
+ 	tests/boot-sector.o tests/acpi-utils.o $(libqos-obj-y)
  tests/pxe-test$(EXESUF): tests/pxe-test.o tests/boot-sector.o $(libqos-obj-y)
  tests/microbit-test$(EXESUF): tests/microbit-test.o
---
+-- 
 2.23.0