Merge pull request #20 from serghey-rodin/master

update from official vesta
2025-08-19 21:04:07 -07:00 · 2018-10-18 12:04:37 +02:00 · 2018-10-18 12:04:37 +02:00 · c04eda5e09
commit c04eda5e09
parent 466cf25da8 14c093a6a1
40 changed files with 122 additions and 71 deletions
--- a/bin/v-open-fs-config
+++ b/bin/v-open-fs-config
@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
        echo "Error: invalid source path $src_file"
        exit 2
    fi
+    spath=$(echo "$rpath" |egrep "/etc|/var/lib")
+    if [ -z "$spath" ]; then
+        echo "Error: invalid source path $src_file"
+        exit 2
+    fi
 fi

 # Reading conf
--- a/install/debian/7/sudo/admin
+++ b/install/debian/7/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/debian/8/sudo/admin
+++ b/install/debian/8/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/debian/9/sudo/admin
+++ b/install/debian/9/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/rhel/5/sudo/admin
+++ b/install/rhel/5/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/rhel/6/sudo/admin
+++ b/install/rhel/6/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/rhel/7/sudo/admin
+++ b/install/rhel/7/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/12.04/sudo/admin
+++ b/install/ubuntu/12.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/12.10/sudo/admin
+++ b/install/ubuntu/12.10/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/13.04/sudo/admin
+++ b/install/ubuntu/13.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/13.10/sudo/admin
+++ b/install/ubuntu/13.10/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/14.04/sudo/admin
+++ b/install/ubuntu/14.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/14.10/sudo/admin
+++ b/install/ubuntu/14.10/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/15.04/sudo/admin
+++ b/install/ubuntu/15.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/15.10/sudo/admin
+++ b/install/ubuntu/15.10/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/16.04/sudo/admin
+++ b/install/ubuntu/16.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/16.10/sudo/admin
+++ b/install/ubuntu/16.10/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/17.04/sudo/admin
+++ b/install/ubuntu/17.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/17.10/sudo/admin
+++ b/install/ubuntu/17.10/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/ubuntu/18.04/sudo/admin
+++ b/install/ubuntu/18.04/sudo/admin
@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty

-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
--- a/install/vst-install-amazon.sh
+++ b/install/vst-install-amazon.sh
@ -1008,8 +1008,9 @@ if [ "$mysql" = 'yes' ]; then
    fi

    # Securing MySQL installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
    chmod 600 /root/.my.cnf
    mysql -e "DELETE FROM mysql.user WHERE User=''"
    mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1031,9 +1032,10 @@ fi
 #----------------------------------------------------------#

 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
    if [ $release -eq 5 ]; then
        service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
        service postgresql stop
        cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
        service postgresql start
@ -1041,7 +1043,7 @@ if [ "$postgresql" = 'yes' ]; then
        service postgresql initdb
        cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
        service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
    fi
    # Configuring phpPgAdmin
    if [ "$apache" = 'yes' ]; then
@ -1272,13 +1274,13 @@ fi

 # Configuring MySQL host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
    $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi

 # Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
    $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi

@ -1332,9 +1334,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#

-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and IP
 host_ip=$(host $servername |head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
--- a/install/vst-install-debian.sh
+++ b/install/vst-install-debian.sh
@ -985,8 +985,9 @@ if [ "$mysql" = 'yes' ]; then
    check_result $? "mysql start failed"

    # Securing MySQL installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
    chmod 600 /root/.my.cnf
    mysql -e "DELETE FROM mysql.user WHERE User=''"
    mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1008,9 +1009,10 @@ fi
 #----------------------------------------------------------#

 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
    wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf
    service postgresql restart
-    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"

    # Configuring phpPgAdmin
    if [ "$apache" = 'yes' ]; then
@ -1298,13 +1300,13 @@ fi

 # Configuring mysql host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
    $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi

 # Configuring pgsql host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
    $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi

@ -1359,9 +1361,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#

-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and ip
 host_ip=$(host $servername| head -n 1 | awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
--- a/install/vst-install-rhel.sh
+++ b/install/vst-install-rhel.sh
@ -1024,8 +1024,9 @@ if [ "$mysql" = 'yes' ]; then
    fi

    # Securing MySQL installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
    chmod 600 /root/.my.cnf
    mysql -e "DELETE FROM mysql.user WHERE User=''"
    mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1047,9 +1048,10 @@ fi
 #----------------------------------------------------------#

 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
    if [ $release -eq 5 ]; then
        service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
        service postgresql stop
        cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
        service postgresql start
@ -1057,7 +1059,7 @@ if [ "$postgresql" = 'yes' ]; then
        service postgresql initdb
        cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
        service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
    fi
    # Configuring phpPgAdmin
    if [ "$apache" = 'yes' ]; then
@ -1289,13 +1291,13 @@ fi

 # Configuring MySQL/MariaDB host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
    $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi

 # Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
    $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi

@ -1349,9 +1351,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#

-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and IP
 host_ip=$(host $servername |head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
--- a/install/vst-install-ubuntu.sh
+++ b/install/vst-install-ubuntu.sh
@ -977,8 +977,9 @@ if [ "$mysql" = 'yes' ]; then
    check_result $? "mysql start failed"

    # Securing MySQL/MariaDB installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
    chmod 600 /root/.my.cnf
    mysql -e "DELETE FROM mysql.user WHERE User=''"
    mysql -e "DROP DATABASE test" >/dev/null 2>&1
@ -1000,9 +1001,10 @@ fi
 #----------------------------------------------------------#

 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
    cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
    service postgresql restart
-    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"

    # Configuring phpPgAdmin
    if [ "$apache" = 'yes' ]; then
@ -1235,13 +1237,13 @@ fi

 # Configuring MySQL/MariaDB host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
    $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi

 # Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
    $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi

@ -1295,9 +1297,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#

-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and IP
 host_ip=$(host $servername| head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
--- a/src/deb/ioncube/control
+++ b/src/deb/ioncube/control
@ -1,7 +1,7 @@
 Source: vesta-ioncube
 Package: vesta-ioncube
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: https://www.ioncube.com
--- a/src/deb/nginx/control
+++ b/src/deb/nginx/control
@ -1,7 +1,7 @@
 Source: vesta-nginx
 Package: vesta-nginx
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com
--- a/src/deb/php/control
+++ b/src/deb/php/control
@ -1,7 +1,7 @@
 Source: vesta-php
 Package: vesta-php
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com
--- a/src/deb/softaculous/control
+++ b/src/deb/softaculous/control
@ -1,7 +1,7 @@
 Source: vesta-softaculous
 Package: vesta-softaculous
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: https://www.softaculous.com
--- a/src/deb/vesta/control
+++ b/src/deb/vesta/control
@ -1,7 +1,7 @@
 Source: vesta
 Package: vesta
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com
--- a/src/deb/vesta/postinst
+++ b/src/deb/vesta/postinst
@ -28,4 +28,12 @@ if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then
    /usr/local/vesta/upd/fix_roundcube.sh
 fi

+if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then
+    /usr/local/vesta/upd/limit_sudo.sh
+fi
+
+if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then
+    /usr/local/vesta/upd/fix_dhcprenew.sh
+fi
+
 exit 0
--- a/src/rpm/specs/vesta-ioncube.spec
+++ b/src/rpm/specs/vesta-ioncube.spec
@ -1,6 +1,6 @@
 Name:           vesta-ioncube
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        ionCube Loader
 Group:          System Environment/Base
 License:        "Freely redistributable without restriction"
--- a/src/rpm/specs/vesta-nginx.spec
+++ b/src/rpm/specs/vesta-nginx.spec
@ -1,6 +1,6 @@
 Name:           vesta-nginx
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        BSD-like
--- a/src/rpm/specs/vesta-php.spec
+++ b/src/rpm/specs/vesta-php.spec
@ -1,6 +1,6 @@
 Name:           vesta-php
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        GPL
--- a/src/rpm/specs/vesta-softaculous.spec
+++ b/src/rpm/specs/vesta-softaculous.spec
@ -1,6 +1,6 @@
 Name:           vesta-softaculous
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        Softaculous License
--- a/src/rpm/specs/vesta.spec
+++ b/src/rpm/specs/vesta.spec
@ -1,6 +1,6 @@
 Name:           vesta
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        GPL
@ -45,6 +45,15 @@ if [ $1 -ge 2 ]; then
    if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then
        /usr/local/vesta/upd/fix_roundcube.sh
    fi
+
+    if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then
+        /usr/local/vesta/upd/limit_sudo.sh
+    fi
+
+    if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then
+        /usr/local/vesta/upd/fix_dhcprenew.sh
+    fi
+
 fi
 %files
 %{_vestadir}
@ -59,6 +68,12 @@ fi
 %config(noreplace) %{_vestadir}/web/css/uploadify.css

 %changelog
+* Thu Oct 18 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-23
+- Security fixes
+
+* Wed Jun 27 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-22
+- Security fixes
+
 * Fri May 11 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-21
 - Additional security fixes

--- a/upd/add_notifications.sh
+++ b/upd/add_notifications.sh
@ -5,5 +5,5 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf
 /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured <a href='http://vestacp.com/features/#filemanager'>File Manager</a>. Plugin is available for <a href='/edit/server/?lead=filemanager#module-filemanager'>purchase</a>." 'filemanager'
 /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can  <a href='/edit/server/?lead=sftp#module-sftp'>purchase</a> and enable <a href='http://vestacp.com/features/#sftpchroot'>SFTP Chroot</a>"
 /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally <a href='/edit/server/?lead=sftp#module-softaculous'>available</a>"
-/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-19" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read <a href='http://vestacp.com/roadmap/#0.9.8-18'>release notes</a>"
+/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-23" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read <a href='http://vestacp.com/roadmap/#0.9.8-23'>release notes</a>"

--- a/upd/fix_dhcprenew.sh
+++ b/upd/fix_dhcprenew.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -e "/usr/bin/dhcprenew" ]; then
+    mv /usr/bin/dhcprenew /usr/bin/dhcprenew.disabled
+
+    # Notify admin via control panel
+    rm /usr/local/vesta/data/users/admin/notifications.conf
+    touch /usr/local/vesta/data/users/admin/notifications.conf
+    /usr/local/vesta/bin/v-add-user-notification admin \
+        "Security Check" "Your server was compromised please contact us at info@vestacp.com to get help."
+
+    # Send email notification
+    send_mail="/usr/local/vesta/web/inc/mail-wrapper.php"
+    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf |cut -f2 -d \')
+    if [ ! -z "$email" ]; then
+        echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\
+            $send_mail -s "SECURITY CHECK: Vesta Control Panel" $email
+    fi
+fi
+
--- a/upd/limit_sudo.sh
+++ b/upd/limit_sudo.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+if [ -e "/etc/sudoers.d/admin" ]; then
+    sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \
+        /etc/sudoers.d/admin
+fi
--- a/web/inc/i18n/es.php
+++ b/web/inc/i18n/es.php
@ -193,11 +193,11 @@ $LANG['es'] = array(
    'Mail Accounts'  => 'Cuentas de Correo',
    'Cron Jobs'  => 'Tareas Programadas',
    'SSH Access'  => 'Acceso SSH',
-    'IP Address'  => 'IP Address',
-    'IP Addresses'  => 'Dirección IP',
+    'IP Address'  => 'Dirección IP',
+    'IP Addresses'  => 'Direcciones IP',
    'Backups'  => 'Respaldos',
    'Backup System'  => 'Sistema de Respaldo',
-    'backup exclusions' => 'respaldos excluídos',
+    'backup exclusions' => 'configurar exlusiones',
    'template'  => 'plantilla',
    'SSL Support'  => 'Soportar SSL',
    'SSL Home Directory'  => 'Directorio local del SSL',
@ -248,8 +248,8 @@ $LANG['es'] = array(
    'SYS'  => 'SYS',
    'Domains'  => 'Dominios',
    'Status'  => 'Estado',
-    'shared'  => 'compartido',
-    'dedicated'  => 'dedicado',
+    'shared'  => 'compartida',
+    'dedicated'  => 'dedicada',
    'Owner' => 'Dueño',
    'Users'  => 'Usuarios',
    'Load Average'  => 'Promedio de carga',
@ -332,7 +332,7 @@ $LANG['es'] = array(
    'Package Name'  => 'Nombre del Plan',
    'Netmask'  => 'Máscara de Red',
    'Interface'  => 'Interfaz',
-    'Shared'  => 'Compartido',
+    'Shared'  => 'Compartida',
    'Assigned user'  => 'Usuario asignado',
    'Assigned domain'  => 'Dominio asignado',
    'NAT IP association' => 'Asociación NAT IP',
@ -762,4 +762,5 @@ $LANG['es'] = array(
    'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo',

    'Email Credentials' => 'Email Credentials',
+    
 );
--- a/web/reset/index.php
+++ b/web/reset/index.php
@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass
        if ( $return_var == 0 ) {
            $data = json_decode(implode('', $output), true);
            $rkey = $data[$user]['RKEY'];
-            if ($rkey == $_POST['code']) {
+            if (hash_equals($rkey, $_POST['code'])) {
                $v_password = tempnam("/tmp","vst");
                $fp = fopen($v_password, "w");
                fwrite($fp, $_POST['password']."\n");