authorSteve McIntyre <93sam@debian.org>2021-02-21 14:27:01 +0000
committerSteve McIntyre <93sam@debian.org>2021-02-21 16:33:31 +0000
commite105392d54d0a369a7a6e5f636b62181d9a14d35 (patch)
treed5d509c3465097427f00b0f168cfc336a18a0712
parent334e9afa91427a6ac9a465ce0fc6c5c8643defb9 (diff)
Remove all our old patches, no longer needed:
- avoid_null_vsprint.patch - check_null_sn_ln.patch - fixup_git.patch - uname.patch - use_compare_mem_gcc9.patch
-rw-r--r--debian/changelog6
-rw-r--r--debian/patches/avoid_null_vsprint.patch59
-rw-r--r--debian/patches/check_null_sn_ln.patch30
-rw-r--r--debian/patches/fixup_git.patch19
-rw-r--r--debian/patches/series5
-rw-r--r--debian/patches/uname.patch32
-rw-r--r--debian/patches/use_compare_mem_gcc9.patch51
7 files changed, 6 insertions, 196 deletions
diff --git a/debian/changelog b/debian/changelog
index 5cc875b6..eaec2988 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,12 @@ shim (15+1613861442.888f5b5-1) unstable; urgency=medium
[ Steve McIntyre ]
* Switch to much-newer upstream code point with many many fixes
+ Particularly pulling in SBAT changes for better revocation support
+ + Remove all our old patches, no longer needed:
+ - avoid_null_vsprint.patch
+ - check_null_sn_ln.patch
+ - fixup_git.patch
+ - uname.patch
+ - use_compare_mem_gcc9.patch
* Switch to using gcc-10 rather than gcc-9. Closes: #978521
-- Steve McIntyre <93sam@debian.org> Sun, 21 Feb 2021 13:50:16 +0100
diff --git a/debian/patches/avoid_null_vsprint.patch b/debian/patches/avoid_null_vsprint.patch
deleted file mode 100644
index cb056d6a..00000000
--- a/debian/patches/avoid_null_vsprint.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-commit 20e731f423a438f53738de73af9ef3d67c4cba2f
-Author: Peter Jones <pjones@redhat.com>
-Date: Tue Feb 12 18:04:49 2019 -0500
-
- VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
-
- VLogError() calculates the size of format strings by using calls to
- SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
- Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
- of "0" is special-cased to mean "there is no limit". So, we end up
- writing our string to address 0x0. This was discovered because it
- causes a crash on ARM where, unlike x86, it does not necessarily
- have memory mapped at 0x0.
-
- Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
- handles the size calculation and allocation for us.
-
- Signed-off-by: Peter Jones <pjones@redhat.com>
- Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
- [dannf: commit message ]
- Signed-off-by: dann frazier <dann.frazier@canonical.com>
-
-diff --git a/errlog.c b/errlog.c
-index 18be482..eebb266 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -14,29 +14,20 @@ EFI_STATUS
- VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
- {
- va_list args2;
-- UINTN size = 0, size2;
- CHAR16 **newerrs;
-
-- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
-- va_copy(args2, args);
-- size2 = VSPrint(NULL, 0, fmt, args2);
-- va_end(args2);
--
- newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
- (nerrs + 3) * sizeof(*errs));
- if (!newerrs)
- return EFI_OUT_OF_RESOURCES;
-
-- newerrs[nerrs] = AllocatePool(size*2+2);
-+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
- if (!newerrs[nerrs])
- return EFI_OUT_OF_RESOURCES;
-- newerrs[nerrs+1] = AllocatePool(size2*2+2);
-+ va_copy(args2, args);
-+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
- if (!newerrs[nerrs+1])
- return EFI_OUT_OF_RESOURCES;
--
-- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
-- va_copy(args2, args);
-- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
- va_end(args2);
-
- nerrs += 2;
diff --git a/debian/patches/check_null_sn_ln.patch b/debian/patches/check_null_sn_ln.patch
deleted file mode 100644
index b0ee4c4a..00000000
--- a/debian/patches/check_null_sn_ln.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-commit 3a9e237b1baddf0d3192755406befb3e9fa5ca80
-Author: dann frazier <dann.frazier@canonical.com>
-Date: Thu Mar 7 19:55:42 2019 -0700
-
- Fix OBJ_create() to tolerate a NULL sn and ln
-
- From: https://github.com/openssl/openssl/commit/f13615c5b828aeb8e3d9bf2545c803633d1c684f
-
- Apply an upstream patch from OpenSSL to tolerate a NULL sn. This avoids
- a NULL pointer reference in shim.c:verify_eku(). This was discovered
- because it causes a crash on ARM where, unlike x86, it does not necessarily
- have memory mapped at 0x0.
-
- Fixes: 6c180c6004ac ("shim: verify Extended Key Usage flags")
- Signed-off-by: dann frazier <dann.frazier@canonical.com>
-
-diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
-index 259851b..9b850ed 100644
---- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
-+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
-@@ -685,7 +685,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
- int ok = 0;
-
- /* Check to see if short or long name already present */
-- if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) {
-+ if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
-+ || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
- OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
- return 0;
- }
diff --git a/debian/patches/fixup_git.patch b/debian/patches/fixup_git.patch
deleted file mode 100644
index 33e9305d..00000000
--- a/debian/patches/fixup_git.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-From: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
-Subject: We're not in a git tree, don't try to git clean.
-
----
- Makefile | 1 -
- 1 file changed, 1 deletion(-)
-
-Index: b/Makefile
-===================================================================
---- a/Makefile
-+++ b/Makefile
-@@ -225,7 +225,6 @@ clean-shim-objs:
- @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
- @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid
- @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa]
-- @git clean -f -d -e 'Cryptlib/OpenSSL/*'
-
- clean: clean-shim-objs
- $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
diff --git a/debian/patches/series b/debian/patches/series
index 34291629..e69de29b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +0,0 @@
-fixup_git.patch
-uname.patch
-avoid_null_vsprint.patch
-check_null_sn_ln.patch
-use_compare_mem_gcc9.patch
diff --git a/debian/patches/uname.patch b/debian/patches/uname.patch
deleted file mode 100644
index 851c3c98..00000000
--- a/debian/patches/uname.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Author: Luca Boccassi <bluca@debian.org>
-Description: Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined
- If SOURCE_DATE_EPOCH is defined then we can be reasonably sure the
- user wants the build to be fully reproducible, so use a fixed string.
- In case of a cross build, using uname -s -m -p -i o will still report
- the host's kernel architecture, which will trip some CIs like
- Debian's.
-Forwarded: https://github.com/rhboot/shim/pull/169
---- a/Makefile
-+++ b/Makefile
-@@ -46,6 +46,12 @@ ifneq ($(origin ENABLE_HTTPBOOT), undefined)
- SOURCES += httpboot.c include/httpboot.h
- endif
-
-+ifeq ($(SOURCE_DATE_EPOCH),)
-+ UNAME=$(shell uname -s -m -p -i -o)
-+else
-+ UNAME=buildhost
-+endif
-+
- SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
- MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source))
- FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))
-@@ -66,7 +72,7 @@ shim_cert.h: shim.cer
-
- version.c : $(TOPDIR)/version.c.in
- sed -e "s,@@VERSION@@,$(VERSION)," \
-- -e "s,@@UNAME@@,$(shell uname -s -m -p -i -o)," \
-+ -e "s,@@UNAME@@,$(UNAME)," \
- -e "s,@@COMMIT@@,$(COMMIT_ID)," \
- < $< > $@
-
diff --git a/debian/patches/use_compare_mem_gcc9.patch b/debian/patches/use_compare_mem_gcc9.patch
deleted file mode 100644
index b9121b67..00000000
--- a/debian/patches/use_compare_mem_gcc9.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Taken changes from commit aaa09b35e73c4a35fc119d225e5241199d7cf5aa,
-tweaked to fit into our older codebase
-diff --git a/MokManager.c b/MokManager.c
-index 01697bd..aaf6cb1 100644
---- a/MokManager.c 2020-03-24 17:13:03.250000678 +0000
-+++ b/MokManager.c 2020-03-24 17:15:08.586705154 +0000
-@@ -1077,7 +1077,7 @@
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-+ if (CompareMem(&(list[i].Type), &X509_GUID, sizeof(EFI_GUID)) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1099,7 +1099,7 @@
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(list[i].Type), &X509_GUID, sizeof(EFI_GUID)) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1140,7 +1140,7 @@
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
-+ if (CompareMem(&(mok[i].Type), &X509_GUID, sizeof(EFI_GUID)) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1191,7 +1191,7 @@
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
-+ if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1355,7 +1355,7 @@
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(del_key[i].Type), &X509_GUID, sizeof(EFI_GUID)) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {