diff -u hf-0.8/debian/control hf-0.8/debian/control
--- hf-0.8/debian/control
+++ hf-0.8/debian/control
@@ -1,7 +1,8 @@
 Source: hf
 Section: hamradio
 Priority: optional
-Maintainer: Debian Hamradio Maintainers
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Debian Hamradio Maintainers
 Uploaders: Jaime Robles , Joop Stakenborg , Patrick Ouellette , Hamish Moffatt
 Standards-Version: 3.7.2
 Build-Depends: debhelper (>=4), libgtk1.2-dev, libncurses5-dev, libasound2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], autotools-dev, autoconf, automake1.9
diff -u hf-0.8/debian/changelog hf-0.8/debian/changelog
--- hf-0.8/debian/changelog
+++ hf-0.8/debian/changelog
@@ -1,3 +1,13 @@
+hf (0.8-5ubuntu1.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: Fix local root security hole that is caused by an
+ insecure call to the system function, thanks Steve Kemp. (LP #320082)
+ - Patch from Debian applied inline.
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182
+ - CVE-2008-2378
+
+ -- Stefan Lesicnik Thu, 22 Jan 2009 17:50:08 +0200
+
 hf (0.8-5) unstable; urgency=low
 * Remove /etc/hf.conf when present and purging hf. Closes: #454961.
only in patch2:
unchanged:
--- hf-0.8.orig/hfkernel/main.c
+++ hf-0.8/hfkernel/main.c
@@ -78,6 +78,11 @@
 #include "alsa.h"
 #endif /* HAVE_ALSA_ASOUNDLIB_H */
+#ifndef PID_FILE
+# define PID_FILE "/var/run/hfkernel.pid"
+#endif
+
+
 /* --------------------------------------------------------------------- */
 /* these variables take hfkernel's options */
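Review bot: The PID_FILE define carries no comment stating the trust assumption behind it: the pid stored at that path is later read back and handed to kill() by a program the changelog entry in this same diff describes as having had a local root hole, so it presumably runs with root privilege and the path must stay in a directory only root can write, never overridden to a user-writable location. I would add above `#ifndef PID_FILE`: `/* Written by write_pid() with mode 0600 and consumed by kill_daemon(); keep it in a root-only directory, since the pid read from it is passed straight to kill(). */`. One blank line after `#endif` would be enough; the hunk adds two.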
@@ -154,6 +159,49 @@
 }
 }
+void kill_daemon()
+{
+ FILE *f;
+ int pid;
+
+ if (!(f = fopen (PID_FILE, "r")))
+ {
+ errstr( SEV_FATAL, "Failed to read from PID file");
+ exit(1);
+ }
+ fscanf (f, "%d", &pid);
+ fclose (f);
+
+ kill( SIGKILL, pid );
+ unlink( PID_FILE );
+ exit(1);
+}
+
+
+int write_pid()
+{
+ char buf[20];
+ int fd;
+ long pid;
+
+ if ((fd = open (PID_FILE, O_CREAT | O_TRUNC | O_WRONLY, 0600)) == -1)
+ {
+ errstr (SEV_FATAL, "cannot open pidfile for writing ");
+ exit(1);
+ }
+ else
+ {
+ pid = getpid ();
+ snprintf (buf, sizeof (buf), "%ld", (long) pid);
+ if (write (fd, buf, strlen (buf)) != strlen (buf))
+ {
+ errstr (SEV_FATAL, "cannot write to pidfile ");
+ exit(1);
+ }
+ close(fd);
+ }
+ return pid;
+}
 /* --------------------------------------------------------------------- */
@@ -529,8 +577,8 @@
 break;
 case 'k':
- system ("killall hfkernel");
-
+ kill_daemon();
+ break;
 case 'l':
 logging = 1;
 break;
@@ -635,6 +683,7 @@
 exit(1);
 }
+ if (logging) openlog("hfkernel", LOG_PID, LOG_DAEMON);
 printf("hfkernel %s starting...\n", PACKAGE_VERSION);
@@ -699,6 +748,8 @@
 printf("Note: hfkernel is only part of the hf package.\n");
 printf("It is controlled by the graphic terminal hfterm. To start them both, use the start script hf. In newer linuxes (kernel 2.6...) we need the syntax\n ´LD_ASDSUME_KERNEL=2.2.5 hfterm´, this is already prepared in the hf script. \n");
+ write_pid();
+ start_io_thread();
 exit(0);
 }
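Review bot: `kill( SIGKILL, pid )` in kill_daemon() has its arguments reversed: kill(2) takes `(pid_t pid, int sig)`, so this sends signal number `pid` to process 9, which fails with EINVAL for any realistic pid and, because the return value is never checked, fails silently while the pidfile is unlinked anyway — the daemon is not stopped. `pid` is also never validated: the fscanf() result is ignored, so an empty or corrupt pidfile leaves it uninitialized, and once the argument order is fixed a stored 0 or -1 would signal the whole process group or every process the caller may signal, which matters in a program the changelog describes as a local root hole. I would require `fscanf(f, "%d", &pid) == 1 && pid > 1` before calling `kill(pid, SIGKILL)`, report a failed kill() instead of unlinking, and exit 0 on success; the rewritten body is below. Smaller points in the same hunk: both new functions use old-style empty parameter lists (`void kill_daemon(void)`, `int write_pid(void)`), and in write_pid() the `write(...) != strlen(buf)` comparison mixes ssize_t and size_t, which -Wsign-compare flags.
```c
void kill_daemon(void)
{
	FILE *f;
	int pid;

	/* … unchanged: fopen(PID_FILE, "r") failure path … */
	if (fscanf (f, "%d", &pid) != 1 || pid <= 1)
	{
		fclose (f);
		errstr( SEV_FATAL, "PID file does not contain a valid pid");
		exit(1);
	}
	fclose (f);

	/* kill(2) is (pid, sig); do not remove the pidfile if signalling failed */
	if (kill( pid, SIGKILL ) == -1)
	{
		errstr( SEV_FATAL, "cannot signal hfkernel daemon");
		exit(1);
	}
	unlink( PID_FILE );
	exit(0);
}
```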
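Review bot: write_pid() creates the pidfile, but nothing in this last hunk removes it: `exit(0)` follows start_io_thread() directly, so a stale pidfile survives a normal shutdown and a later `-k` invocation will SIGKILL whatever unrelated process has since been assigned that pid, since the pidfile is the only thing kill_daemon() trusts. At minimum I would add `unlink(PID_FILE);` before `exit(0);`, or register a small atexit() handler right after `write_pid();` so every exit path cleans up; whether start_io_thread() ever returns is not visible here, so the placement needs confirming against that function. The enclosing function starts outside the hunk.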