diff -Nru logrotate-3.8.6/CHANGES logrotate-3.8.7/CHANGES
--- logrotate-3.8.6/CHANGES	2013-07-31 11:46:23.000000000 +0000
+++ logrotate-3.8.7/CHANGES	2013-10-10 08:43:36.000000000 +0000
@@ -1,3 +1,9 @@
+3.8.6 -> 3.8.7
+	- Fixed --force/-f option handling together with "size" directive
+	  (3.8.5 regression).
+	- Use "logrotate_tmp_t" context for SELinux tests and if this context does
+	  not exist, skip SELinux related tests.
+
 3.8.5 -> 3.8.6
 	- Fixed memory corruption caused by rotation directory which does not
 	  exist with "sharedscripts" together with "prerotate" script.
diff -Nru logrotate-3.8.6/debian/changelog logrotate-3.8.7/debian/changelog
--- logrotate-3.8.6/debian/changelog	2013-12-05 18:35:48.000000000 +0000
+++ logrotate-3.8.7/debian/changelog	2014-01-22 19:05:42.000000000 +0000
@@ -1,3 +1,25 @@
+logrotate (3.8.7-1ubuntu1) trusty; urgency=medium
+
+  * Merge from Debian unstable, remaining changes:
+    - debian/control: Drop mailx to Suggests for Ubuntu; it's only used
+      on request, and we don't configure an MTA by default.
+    - debian/cron.daily: Clean non-existent log files from logrotate status
+      file.
+    - debian/logrotate.conf: use group 'syslog' by default when rotating logs.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 22 Jan 2014 11:05:42 -0800
+
+logrotate (3.8.7-1) unstable; urgency=low
+
+  * New patch:
+    - man-su-explanation-729315.patch: Explain how "su" may conflict with
+      "create". (Closes: #729315)
+  * New upstream release
+    - Fix to forcing size-based rotations. (Closes: #714910)
+  * Bump standards version to 3.9.5. (No changes needed.)
+
+ -- Paul Martin <pm@debian.org>  Fri, 17 Jan 2014 09:46:01 +0000
+
 logrotate (3.8.6-1ubuntu2) trusty; urgency=low
 
   * debian/logrotate.conf: use group 'syslog' by default when rotating logs,
@@ -990,6 +1012,3 @@
 
  -- Joseph Carter <knghtbrd@debian.org>  Thu, 22 Apr 1999 15:33:04 -0700
 
-Local variables:
-mode: debian-changelog
-End:
diff -Nru logrotate-3.8.6/debian/control logrotate-3.8.7/debian/control
--- logrotate-3.8.6/debian/control	2013-12-05 16:44:15.000000000 +0000
+++ logrotate-3.8.7/debian/control	2014-01-22 18:20:23.000000000 +0000
@@ -7,7 +7,7 @@
  libselinux1-dev [linux-any], libacl1-dev [linux-any]
 Vcs-Svn: http://svn.fedorahosted.org/svn/logrotate/
 Homepage: https://fedorahosted.org/logrotate/
-Standards-Version: 3.9.4
+Standards-Version: 3.9.5
 
 Package: logrotate
 Architecture: any
diff -Nru logrotate-3.8.6/debian/patches/man-su-explanation-729315.patch logrotate-3.8.7/debian/patches/man-su-explanation-729315.patch
--- logrotate-3.8.6/debian/patches/man-su-explanation-729315.patch	1970-01-01 00:00:00.000000000 +0000
+++ logrotate-3.8.7/debian/patches/man-su-explanation-729315.patch	2014-01-22 18:20:23.000000000 +0000
@@ -0,0 +1,16 @@
+Index: logrotate-3.8.6/logrotate.8
+===================================================================
+--- logrotate-3.8.6.orig/logrotate.8	2013-09-03 21:55:05.305538834 +0100
++++ logrotate-3.8.6/logrotate.8	2013-11-19 00:04:51.095192999 +0000
+@@ -503,7 +503,10 @@
+ \fBsu \fIuser\fR \fIgroup\fR
+ Rotate log files set under this user and group instead of using default
+ user/group (usually root). \fIuser\fR specifies the user name used for
+-rotation and \fIgroup\fR specifies the group used for rotation. 
++rotation and \fIgroup\fR specifies the group used for rotation. If the
++user/group you specify here does not have sufficient privilege to make 
++files with the ownership you've specified in a \fIcreate\fR instruction, 
++it will cause an error.
+ 
+ .TP
+ \fBtabooext\fR [+] \fIlist\fR
diff -Nru logrotate-3.8.6/debian/patches/series logrotate-3.8.7/debian/patches/series
--- logrotate-3.8.6/debian/patches/series	2013-12-05 16:44:15.000000000 +0000
+++ logrotate-3.8.7/debian/patches/series	2014-01-22 18:20:23.000000000 +0000
@@ -4,3 +4,4 @@
 cpp-crossbuild.patch
 chown-484762.patch
 mktime-718332.patch
+man-su-explanation-729315.patch
diff -Nru logrotate-3.8.6/logrotate.c logrotate-3.8.7/logrotate.c
--- logrotate-3.8.6/logrotate.c	2013-07-31 11:46:23.000000000 +0000
+++ logrotate-3.8.7/logrotate.c	2013-10-10 08:43:36.000000000 +0000
@@ -830,11 +830,12 @@
 		return 0;
 	}
 
-    if (log->criterium == ROT_SIZE) {
-	state->doRotate = (sb.st_size >= log->threshhold);
-    } else if (force) {
+    if (force) {
 	/* user forced rotation of logs from command line */
-	state->doRotate = 1;
+	state->doRotate = 1;   
+    }
+    else if (log->criterium == ROT_SIZE) {
+	state->doRotate = (sb.st_size >= log->threshhold);
     } else if (mktime(&state->lastRotated) - mktime(&now) > (25 * 3600)) {
         /* 25 hours allows for DST changes as well as geographical moves */
 	message(MESS_ERROR,
diff -Nru logrotate-3.8.6/logrotate.spec logrotate-3.8.7/logrotate.spec
--- logrotate-3.8.6/logrotate.spec	2013-07-31 11:46:23.000000000 +0000
+++ logrotate-3.8.7/logrotate.spec	2013-10-10 08:43:36.000000000 +0000
@@ -1,6 +1,6 @@
 Summary: Rotates, compresses, removes and mails system log files
 Name: logrotate
-Version: 3.8.6
+Version: 3.8.7
 Release: 1
 License: GPL+
 Group: System Environment/Base
@@ -52,6 +52,9 @@
 %attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status
 
 %changelog
+* Thu Oct 10 2013 Jan Kaluza <jkaluza@redhat.com> 3.8.7-1
+- new upstream version
+
 * Wed Jul 31 2013 Jan Kaluza <jkaluza@redhat.com> 3.8.6-1
 - new upstream version
 
diff -Nru logrotate-3.8.6/test/test logrotate-3.8.7/test/test
--- logrotate-3.8.6/test/test	2013-07-31 11:46:22.000000000 +0000
+++ logrotate-3.8.7/test/test	2013-10-10 08:43:36.000000000 +0000
@@ -46,6 +46,17 @@
     fi
   fi
 fi
+
+if [ $SELINUX_TESTS == 1 ]; then
+  # if logrotate_tmp_t, we can't continue with SELinux tests...
+  touch .selinuxtest
+  chcon --type=logrotate_tmp_t .selinuxtest 2>/dev/null
+  if [ $? != 0 ]; then
+    SELINUX_TESTS=0
+    echo "SELinux context 'logrotate_tmp_t' does not exist. SELinux tests will not be executed."
+  fi
+  rm -f .selinuxtest
+fi
 # -- SELINUX - END ----------------------------------
 
 
@@ -301,22 +312,22 @@
 preptest test.log 6 1
 preptest anothertest.log 6 1
 if [ $SELINUX_TESTS == 1 ]; then
-	chcon --type=httpd_sys_content_t test.log
+	chcon --type=logrotate_tmp_t test.log
 else
 	echo "Skipping SELinux part of test 6"
 fi
 $RLR test-config.6 --force
 
 if [ $SELINUX_TESTS == 1 ]; then
-	ls -Z test.log.0|grep httpd_sys_content_t >/dev/null
+	ls -Z test.log.0|grep logrotate_tmp_t >/dev/null
 	if [ $? != 0 ]; then
-		echo "test.log.0 should have selinux context httpd_sys_content_t."
+		echo "test.log.0 should have selinux context logrotate_tmp_t."
 		exit 3
 	fi
 
-	ls -Z anothertest.log.0|grep httpd_sys_content_t >/dev/null
+	ls -Z anothertest.log.0|grep logrotate_tmp_t >/dev/null
 	if [ $? == 0 ]; then
-		echo "anothertest.log.0 should not have selinux context httpd_sys_content_t."
+		echo "anothertest.log.0 should not have selinux context logrotate_tmp_t."
 		exit 3
 	fi
 fi
@@ -378,7 +389,7 @@
 preptest test.log 10 1
 
 if [ $SELINUX_TESTS == 1 ]; then
-	chcon --type=httpd_sys_content_t test.log
+	chcon --type=logrotate_tmp_t test.log
 else
 	echo "Skipping SELinux part of test 10"
 fi
@@ -395,16 +406,16 @@
 $RLR test-config.10 --force
 
 if [ $SELINUX_TESTS == 1 ]; then
-	ls -Z test.log.2.gz|grep httpd_sys_content_t >/dev/null
+	ls -Z test.log.2.gz|grep logrotate_tmp_t >/dev/null
 	if [ $? != 0 ]; then
-		echo "test.log.2.gz should have selinux context httpd_sys_content_t."
+		echo "test.log.2.gz should have selinux context logrotate_tmp_t."
 		ls -Z test.log.2.gz
 		exit 3
 	fi
 
-	ls -Z test.log.1|grep httpd_sys_content_t >/dev/null
+	ls -Z test.log.1|grep logrotate_tmp_t >/dev/null
 	if [ $? != 0 ]; then
-		echo "test.log.1 should have selinux context httpd_sys_content_t."
+		echo "test.log.1 should have selinux context logrotate_tmp_t."
 		ls -Z test.log.1
 		exit 3
 	fi
@@ -1154,7 +1165,7 @@
 
 
 if [ $SELINUX_TESTS == 1 ]; then
-	chcon --type=httpd_sys_content_t test.log
+	chcon --type=logrotate_tmp_t test.log
 else
 	echo "Skipping SELinux part of test 6"
 fi
@@ -1172,13 +1183,13 @@
 logrotate state -- version 2
 EOF
 
-chcon --type=httpd_sys_content_t state
+chcon --type=logrotate_tmp_t state
 
 $RLR test-config.47
 
-ls -Z state|grep httpd_sys_content_t >/dev/null
+ls -Z state|grep logrotate_tmp_t >/dev/null
 if [ $? != 0 ]; then
-	echo "state file should have selinux context httpd_sys_content_t."
+	echo "state file should have selinux context logrotate_tmp_t."
 	exit 3
 fi
 
@@ -1334,4 +1345,17 @@
 scriptout 0 foo
 EOF
 
+cleanup 53
+
+# ------------------------------- Test 53 ------------------------------------
+# test if --force works
+preptest test.log 53 1 0
+
+$RLR test-config.53 --force
+
+checkoutput <<EOF
+test.log 0
+test.log.1 0 zero
+EOF
+
 cleanup
diff -Nru logrotate-3.8.6/test/test-config.53.in logrotate-3.8.7/test/test-config.53.in
--- logrotate-3.8.6/test/test-config.53.in	1970-01-01 00:00:00.000000000 +0000
+++ logrotate-3.8.7/test/test-config.53.in	2013-10-10 08:43:36.000000000 +0000
@@ -0,0 +1,7 @@
+create
+
+&DIR&/test.log {
+	rotate 14
+	size 4096
+	missingok
+}
\ No newline at end of file