diff --git a/mokutil-clean-request.patch b/mokutil-clean-request.patch
new file mode 100644
index 0000000..8c90f16
--- /dev/null
+++ b/mokutil-clean-request.patch
@@ -0,0 +1,42 @@
+From a8165e89893bbaf8245fda6a59bcfe562bee4854 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Wed, 12 Feb 2014 15:57:51 +0800
+Subject: [PATCH] Clean the request when all keys are removed
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ src/mokutil.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index 935cb94..1c32313 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -513,6 +513,24 @@ delete_data_from_list (efi_guid_t type, void *data, uint32_t data_size,
+ if (start == NULL)
+ return 0;
+
++ /* all keys are removed */
++ if (total == 0) {
++ test_and_delete_var (var_name);
++
++ /* delete the password */
++ if (strcmp (var_name, "MokNew") == 0)
++ test_and_delete_var ("MokAuth");
++ else if (strcmp (var_name, "MokXNew") == 0)
++ test_and_delete_var ("MokXAuth");
++ else if (strcmp (var_name, "MokDel") == 0)
++ test_and_delete_var ("MokDelAuth");
++ else if (strcmp (var_name, "MokXDel") == 0)
++ test_and_delete_var ("MokXDelAuth");
++
++ ret = 1;
++ goto done;
++ }
++
+ /* remove the key or hash */
+ if (remain > 0)
+ memmove (start, end, remain);
+--
+1.8.4.5
+
diff --git a/mokutil-fix-hash-list-size.patch b/mokutil-fix-hash-list-size.patch
new file mode 100644
index 0000000..578257c
--- /dev/null
+++ b/mokutil-fix-hash-list-size.patch
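Review bot: In mokutil-clean-request.patch, the new `total == 0` branch of delete_data_from_list discards the result of every `test_and_delete_var` call and then sets `ret = 1` unconditionally, so a failed delete is reported the same way as a clean one. The request variable and its password variable are removed in two separate steps, so a failure in the second step would leave a password hash behind with no matching request, and a failure in the first would leave the old request in place while the caller is told it was handled. If the helper reports failure through its return value (it is defined outside the hunk, so this needs confirming), the branch should test it, along the lines of `if (test_and_delete_var (var_name) < 0) goto done;` with `ret` set to the function's failure value, and print which variable could not be removed. The function starts and ends outside this hunk, so the meaning of `ret` and what runs at `done` should be checked against the full source.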
@@ -0,0 +1,72 @@
+From bf19feea5cbc44e6c50d14814d00c902073d8d92 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Wed, 12 Feb 2014 11:38:24 +0800
+Subject: [PATCH 1/2] Fix the signature list size calculation
+
+While merging the hashes into the previous request, the list size
+mistakenly included the signature list header, and this made the
+request invalid.
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ src/mokutil.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index dbec25b..b706c80 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -1374,6 +1374,9 @@ issue_hash_request (const char *hash_str, MokRequest req,
+
+ old_req.VariableName = req_name;
+ old_req.VendorGuid = SHIM_LOCK_GUID;
++
++ list_size = sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t) + hash_size;
++
+ if (read_variable (&old_req) == EFI_SUCCESS) {
+ int i;
+ list_size += old_req.DataSize;
+@@ -1388,13 +1391,12 @@ issue_hash_request (const char *hash_str, MokRequest req,
+ if (efi_guidcmp (mok_list[i].header->SignatureType,
+ hash_type) == 0) {
+ merge_ind = i;
++ list_size -= sizeof(EFI_SIGNATURE_LIST);
+ break;
+ }
+ }
+ }
+
+- list_size += sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t) + hash_size;
+-
+ new_list = malloc (list_size);
+ if (!new_list) {
+ fprintf (stderr, "Failed to allocate space for %s\n", req_name);
+--
+1.8.4.5
+
+
+From 0c8e542eaaa1f3f8be2198806a5bc370813b4d81 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Wed, 12 Feb 2014 15:24:23 +0800
+Subject: [PATCH 2/2] Update the list size after deleting a hash
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ src/mokutil.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index b706c80..935cb94 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -501,6 +501,7 @@ delete_data_from_list (efi_guid_t type, void *data, uint32_t data_size,
+ start += sizeof(EFI_SIGNATURE_LIST) + sig_size * del_ind;
+ end = start + sig_size;
+ total -= sig_size;
++ list[i].header->SignatureListSize -= sig_size;
+ remain += sig_list_size - sizeof(EFI_SIGNATURE_LIST) -
+ (del_ind + 1) * sig_size;
+ }
+--
+1.8.4.5
+
diff --git a/mokutil.changes b/mokutil.changes
index 5d71638..891c209 100644
--- a/mokutil.changes
+++ b/mokutil.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 12 10:06:31 UTC 2014 - glin@suse.com
+
+- Add mokutil-fix-hash-list-size.patch to update the list size
+ after merging or deleting a hash
+- Add mokutil-clean-request.patch to clean the request if all keys
+ are removed
+
 -------------------------------------------------------------------
 Wed Jan 22 05:55:45 UTC 2014 - glin@suse.com
diff --git a/mokutil.spec b/mokutil.spec
index 2129340..5014504 100644
--- a/mokutil.spec
+++ b/mokutil.spec
@@ -28,6 +28,10 @@ Source: %{name}-%{version}.tar.bz2
 Patch1: mokutil-upstream-fixes.patch
 # PATCH-FIX-UPSTREAM mokutil-mokx-support.patch glin@suse.com -- Support the MOK blacklist
 Patch2: mokutil-mokx-support.patch
+# PATCH-FIX-UPSTREAM mokutil-fix-hash-list-size.patch glin@suse.com -- Update the list size after merging or deleting a hash
+Patch3: mokutil-fix-hash-list-size.patch
+# PATCH-FIX-UPSTREAM mokutil-clean-request.patch glin@suse.com -- Clear the request if all keys are removed
+Patch4: mokutil-clean-request.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libopenssl-devel >= 0.9.8
@@ -49,6 +53,8 @@ Authors:
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 %build
 %configure
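Review bot: In mokutil-fix-hash-list-size.patch (PATCH 1/2, issue_hash_request), the size passed to `malloc (list_size)` is now assembled in three places: the initial header-plus-hash sum, `list_size += old_req.DataSize`, and the `list_size -= sizeof(EFI_SIGNATURE_LIST)` inside the merge loop. The copy into `new_list` happens outside the hunk, so it cannot be confirmed from here that the bytes written always match this total, and an undersized total would mean a heap overflow while handling data read back from a firmware variable. A comment above the allocation would make the invariant reviewable, for example `/* list_size = old request + one GUID + one hash, plus a list header only when there is no list of hash_type to merge into */`. It is also worth confirming that `old_req.DataSize` is bounded before it is added, since the type of `list_size` is not visible in the hunk. In PATCH 2/2 the added `SignatureListSize -= sig_size` depends on the enclosing branch, which begins outside the hunk, to guarantee the list holds more than one entry and that the stored size is at least `sig_size`.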