diff -Nru pesign-0.112/debian/changelog pesign-0.112/debian/changelog
--- pesign-0.112/debian/changelog	2017-02-24 11:14:44.000000000 +0000
+++ pesign-0.112/debian/changelog	2017-05-13 15:36:43.000000000 +0000
@@ -1,14 +1,9 @@
-pesign (0.112-3build2) zesty; urgency=medium
+pesign (0.112-4) unstable; urgency=medium
 
-  * No-change rebuild against libnspr4
+  * Team upload.
+  * Fix race between printing prompt and disabling tty echo.
 
- -- Andy Whitcroft <apw@ubuntu.com>  Fri, 24 Feb 2017 11:14:44 +0000
-
-pesign (0.112-3build1) zesty; urgency=medium
-
-  * No-change rebuild against latest efivar
-
- -- Jeremy Bicha <jbicha@ubuntu.com>  Fri, 16 Dec 2016 20:50:06 -0500
+ -- Julien Cristau <jcristau@debian.org>  Sat, 13 May 2017 17:36:43 +0200
 
 pesign (0.112-3) unstable; urgency=medium
 
diff -Nru pesign-0.112/debian/patches/series pesign-0.112/debian/patches/series
--- pesign-0.112/debian/patches/series	2016-06-27 09:47:12.000000000 +0000
+++ pesign-0.112/debian/patches/series	2017-05-13 15:07:00.000000000 +0000
@@ -1 +1,2 @@
 fix_cmdline.patch
+tty-prompt-race.patch
diff -Nru pesign-0.112/debian/patches/tty-prompt-race.patch pesign-0.112/debian/patches/tty-prompt-race.patch
--- pesign-0.112/debian/patches/tty-prompt-race.patch	1970-01-01 00:00:00.000000000 +0000
+++ pesign-0.112/debian/patches/tty-prompt-race.patch	2017-05-13 15:10:12.000000000 +0000
@@ -0,0 +1,29 @@
+Fix race condition in SEC_GetPassword
+
+A side effect of echoOff is to discard unread input, so if we print the
+prompt before echoOff, the user (or process) at the other end might
+react to it by writing the password in between those steps, which is
+then discarded.  This bit me when trying to drive pesign with an expect
+script.
+
+Signed-off-by: Julien Cristau <jcristau@debian.org>
+---
+https://github.com/rhinstaller/pesign/pull/29
+
+--- pesign.orig/src/password.c
++++ pesign/src/password.c
+@@ -69,13 +69,13 @@ static char *SEC_GetPassword(FILE *input
+     char phrase[200] = {'\0'};      /* ensure EOF doesn't return junk */
+ 
+     for (;;) {
+ 	/* Prompt for password */
+ 	if (isTTY) {
++	    echoOff(infd);
+ 	    fprintf(output, "%s", prompt);
+             fflush (output);
+-	    echoOff(infd);
+ 	}
+ 
+ 	fgets ( phrase, sizeof(phrase), input);
+ 
+ 	if (isTTY) {