x11vnc: enhanced_tightvnc_viewer files, ssh -t keystroke response improvement.

classes/ssl/ssl_vncviewer

@@ -256,19 +256,25 @@ if [ "X$use_ssh" = "X1" ]; then
 	else
 		info="$ssh_cmd"
 	fi
+
+	C=""
+	if [ "X$SSL_VNCVIEWER_USE_C" != "X" ]; then
+		C="-C"
+	fi
+	# the -t option actually speeds up typing response via VNC!!
 	if [ "X$SSL_VNCVIEWER_SSH_ONLY" != "X" ]; then
-		echo "$ssh -p $ssh_port -t -C $ssh_args $ssh_host \"$info\""
+		echo "$ssh -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
 		echo ""
-		$ssh -p $ssh_port -t -C $ssh_args $ssh_host "$ssh_cmd"
+		$ssh -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
 		exit $?
 	elif [ "X$SSL_VNCVIEWER_NO_F" != "X" ]; then
-		echo "$ssh -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+		echo "$ssh -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
 		echo ""
-		$ssh -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+		$ssh -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
 	else
-		echo "$ssh -f -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+		echo "$ssh -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
 		echo ""
-		$ssh -f -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+		$ssh -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
 	fi
 	if [ "$?" != "0" ]; then
 		echo ""
@@ -283,6 +289,8 @@ if [ "X$use_ssh" = "X1" ]; then
 		sleep 5
 	fi
 	echo ""
+	#reset
+	stty sane
 	if [ "X$use_sshssl" = "X" ]; then
 		echo "Running viewer:"
 		echo $VNCVIEWERCMD "$@" localhost:$N

x11vnc/ChangeLog

+2006-09-13  Karl Runge <runge@karlrunge.com>
+	* x11vnc: document 'ssh -t' improved keyboard response.  add
+	  extra rfbPE() around keystrokes. 
+	  misc/enhanced_tightvnc_viewer: incorporate scripts, documentation,
+	  etc. for the enhanced tightvnc viewer package.
+
 2006-09-10  Karl Runge <runge@karlrunge.com>
 	* x11vnc: minor changes: REQ_ARGS for -sslGenCert, EV_SYN
 	  SYN_REPORT check restore cursor most under -display WAIT.

x11vnc/help.c

@@ -45,7 +45,7 @@ void print_help(int mode) {
 "these protections.  See the FAQ for details how to tunnel the VNC connection\n"
 "through an encrypted channel such as ssh(1).  In brief:\n"
 "\n"
-"       ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'\n"
+"       ssh -t -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'\n"
 "\n"
 "       vncviewer -encodings 'copyrect tight zrle hextile' localhost:0\n"
 "\n"
@@ -112,15 +112,15 @@ void print_help(int mode) {
 "                       a colormap histogram.  Example: -shiftcmap 240\n"
 "-notruecolor           For 8bpp displays, force indexed color (i.e. a colormap)\n"
 "                       even if it looks like 8bpp TrueColor (rare problem).\n"
-"-visual n              Experimental option: probably does not do what you\n"
-"                       think.  It simply *forces* the visual used for the\n"
-"                       framebuffer; this may be a bad thing... (e.g. messes\n"
-"                       up colors or cause a crash). It is useful for testing\n"
-"                       and for some workarounds.  n may be a decimal number,\n"
-"                       or 0x hex.  Run xdpyinfo(1) for the values.  One may\n"
-"                       also use \"TrueColor\", etc. see <X11/X.h> for a list.\n"
-"                       If the string ends in \":m\" then for better or for\n"
-"                       worse the visual depth is forced to be m.\n"
+"-visual n              This option probably does not do what you think.\n"
+"                       It simply *forces* the visual used for the framebuffer;\n"
+"                       this may be a bad thing... (e.g. messes up colors or\n"
+"                       cause a crash). It is useful for testing and for some\n"
+"                       workarounds.  n may be a decimal number, or 0x hex.\n"
+"                       Run xdpyinfo(1) for the values.  One may also use\n"
+"                       \"TrueColor\", etc. see <X11/X.h> for a list.  If the\n"
+"                       string ends in \":m\" then for better or for worse the\n"
+"                       visual depth is forced to be m.\n"
 "\n"
 "-overlay               Handle multiple depth visuals on one screen, e.g. 8+24\n"
 "                       and 24+8 overlay visuals (the 32 bits per pixel are\n"
@@ -1537,10 +1537,10 @@ void print_help(int mode) {
 "-bg                    Go into the background after screen setup.  Messages to\n"
 "                       stderr are lost unless -o logfile is used.  Something\n"
 "                       like this could be useful in a script:\n"
-"                         port=`ssh $host \"x11vnc -display :0 -bg\" | grep PORT`\n"
-"                         port=`echo \"$port\" | sed -e 's/PORT=//'`\n"
-"                         port=`expr $port - 5900`\n"
-"                         vncviewer $host:$port\n"
+"                        port=`ssh -t $host \"x11vnc -display :0 -bg\" | grep PORT`\n"
+"                        port=`echo \"$port\" | sed -e 's/PORT=//'`\n"
+"                        port=`expr $port - 5900`\n"
+"                        vncviewer $host:$port\n"
 "\n"
 "-modtweak              Option -modtweak automatically tries to adjust the AltGr\n"
 "-nomodtweak            and Shift modifiers for differing language keyboards\n"
@@ -2404,8 +2404,8 @@ void print_help(int mode) {
 "                       It may be of use in video capture-like applications,\n"
 "                       or where window tearing is a problem.\n"
 "\n"
-"-rawfb string          Experimental option, instead of polling X, poll the\n"
-"                       memory object specified in \"string\".\n"
+"-rawfb string          Instead of polling X, poll the memory object specified\n"
+"                       in \"string\".\n"
 "\n"
 "                       For shared memory segments string is of the\n"
 "                       form: \"shm:N@WxHxB\" which specifies a shmid\n"
@@ -2634,16 +2634,16 @@ void print_help(int mode) {
 "                       You can make your own freqtab by copying the xawtv\n"
 "                       format.\n"
 "\n"
-"-pipeinput cmd         Another experimental option: it lets you supply an\n"
-"                       external command in \"cmd\" that x11vnc will pipe\n"
-"                       all of the user input events to in a simple format.\n"
-"                       In -pipeinput mode by default x11vnc will not process\n"
-"                       any of the user input events.  If you prefix \"cmd\"\n"
-"                       with \"tee:\" it will both send them to the pipe\n"
-"                       command and process them.  For a description of the\n"
-"                       format run \"-pipeinput tee:/bin/cat\".  Another prefix\n"
-"                       is \"reopen\" which means to reopen pipe if it exits.\n"
-"                       Separate multiple prefixes with commas.\n"
+"-pipeinput cmd         This option lets you supply an external command in\n"
+"                       \"cmd\" that x11vnc will pipe all of the user input\n"
+"                       events to in a simple format.  In -pipeinput mode by\n"
+"                       default x11vnc will not process any of the user input\n"
+"                       events.  If you prefix \"cmd\" with \"tee:\" it will\n"
+"                       both send them to the pipe command and process them.\n"
+"                       For a description of the format run \"-pipeinput\n"
+"                       tee:/bin/cat\".  Another prefix is \"reopen\" which\n"
+"                       means to reopen pipe if it exits.  Separate multiple\n"
+"                       prefixes with commas.\n"
 "\n"
 "                       In combination with -rawfb one might be able to\n"
 "                       do amusing things (e.g. control non-X devices).\n"

x11vnc/misc/enhanced_tightvnc_viewer/README

+                  Enhanced TightVNC Viewer package
+
+Copyright (c) Karl J. Runge <runge@karlrunge.com>
+All rights reserved.
+
+These packages provide 1) An enhanced TightVNC Viewer on Unix, 2) Binaries
+for many Operating Systems (including Windows) for your convenience,
+3) Wrapper scripts and etc. for gluing them all together.
+
+One can straight-forwardly download all of the components and get them
+to work together by oneself: this package is mostly for your convenience
+to combine and wrap together the freely available software.
+
+Bundled software co-shipped in this package is copyright and licensed
+by others.  See these sites and related ones for more information:
+
+        http://www.tightvnc.com
+        http://www.realvnc.com
+        http://www.stunnel.org
+        http://www.openssl.org
+        http://www.chiark.greenend.org.uk/~sgtatham/putty/
+
+Note: Some of the Windows binaries included contain cryptographic software
+that you may not be allowed to download, use, or redistribute.  Please
+check your situation first before downloading any of these packages.
+See the survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful
+information.  The Unix programs do not contain cryptographic software, but
+rather will make use of cryptographic libraries that are installed on your
+Unix system.  Depending on your circumstances you may still need to check.
+
+All work by Karl J. Runge in this package is Copyright (c) Karl J. Runge
+and is licensed under the GPL as described in the file COPYING in this
+directory.
+
+All the files and information in this package are provided "AS IS"
+without any warranty of any kind.  Use them at your own risk.
+
+
+=============================================================================
+
+This package contains a convenient collection of enhanced TightVNC viewers
+and stunnel binaries for different flavors of Unix and wrapper scripts,
+etc to glue them together.  SSL and SSH encryption tunnelling is provided.
+
+Also, a Windows SSL wrapper for the co-bundled TightVNC binary and other
+utilities are provided.  (Launch ssl_tightvncviewer.exe in the
+Windows subdirectory).
+
+
+Features:
+--------
+
+The enhanced TightVNC viewer features are:
+
+	- SSL support for connections using the co-bundled stunnel program.
+
+	- Automatic SSH connections from the GUI (ssh must already be
+	  installed on Unix; co-bundled plink is used on Windows)
+
+	- rfbNewFBSize VNC support on Unix (screen resizing)
+
+	- cursor alphablending with x11vnc at 32bpp (-alpha option, Unix only)
+
+	- xgrabserver support for fullscreen mode, for old window
+	  managers (-grab option, Unix only).
+
+	- Automatic Service tunnelling via SSH for CUPS and SMB Printing,
+	  ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
+
+        - Port Knocking for "closed port" SSH/SSL connections.  In addition
+          to a simple fixed port sequence and one-time-pad implementation,
+          a hook is also provided to run any port knocking client before a
+          connecting.
+
+
+Your package should have included binaries for many OS's: Linux, Solaris,
+FreeBSD, etc.  See the subdirectories of
+
+	./bin
+
+for the ones that were shipped in this package, e.g. ./bin/Linux.i686
+Run "uname -sm" to see your OS+arch combination. (See the
+./bin/tightvncviewer -h output for how to override platform autodection
+via the UNAME env. var).
+
+
+If you need to Build:
+--------------------
+
+If your OS/arch is not included, the script "build.unix" may be able to
+successfully build on for you and deposit the binaries down in ./bin/...
+using the included source code.
+
+You must run the build.unix script from this directory (that this toplevel
+README is in) and like this:
+
+	./build.unix
+
+
+The programs:
+------------
+
+The wrapper scripts: 
+
+	./bin/ssl_tightvncviewer
+	./bin/tightvncviewer
+
+are the main programs you will run and will try to autodetect your OS+arch
+combination and if binaries are present for it automatically use them.
+(if not found try the running the build.unix script).
+
+If you prefer a GUI to prompt for parameters and then start ssl_tightvncviewer
+you can run this instead:
+
+	./bin/ssl_vnc_gui
+
+this is essentially the same GUI that is run on Windows (the
+ssl_tightvncviewer.exe).
+
+Using the GUI is it impossible to initiate a VNC connection that is not
+encrypted with either SSL or SSH.  Unencrypted VNC connections can only
+be started by manually running the ./bin/tightvncviewer script.
+
+For convenience, you can make symlinks from a directory in your PATH to
+any of the 3 programs above you wish to run.  That is all you usually
+need to do for it to pick up all of the binaries, utils, etc. E.g.
+assuming $HOME/bin is in your $PATH:
+
+	cd $HOME/bin
+	ln -s /path/to/enhanced_tightvnc_viewer/bin/{s,t}* .
+
+(note the "." at the end). The above commands is basically the way to
+"install" this package on Unix.
+
+
+On Windows run:
+
+	Windows/ssl_tightvncviewer.exe
+
+
+Examples:
+--------
+
+Use enhanced TightVNC unix viewer to connect to x11vnc via SSL:
+
+	./bin/ssl_tightvncviewer   far-away.east:0
+
+	./bin/tightvncviewer -ssl  far-away.east:0   (same)
+
+	./bin/ssl_vnc_gui                            (start GUI launcher)
+
+Use enhanced TightVNC unix viewer without SSL:
+
+	./bin/tightvncviewer far-away.east:0
+
+Use SSL to connect to a x11vnc server, and also verify the server's
+identity using the SSL Certificate in the file ./x11vnc.pem:
+
+	./bin/ssl_tightvncviewer -alpha -verify ./x11vnc.pem far-away.east:0
+
+(also turns on the viewer-side cursor alphablending hack). 
+
+
+Brief description of the subdirectories:
+---------------------------------------
+
+	./bin/util		some utility scripts, e.g. ssl_vncviewer
+				and ssl_tightvncviewer.tcl
+
+	./src			source code and patches.
+	./src/zips		zip files of source code and binaries.
+
+	./src/vnc_unixsrc	unpacked tightvnc source code tree.
+	./src/stunnel-4.14	unpacked stunnel source code tree.
+	./src/patches		patches to TightVNC viewer for the new
+				features on Unix (used by build.unix).
+	./src/tmp		temporary build dir for build.unix
+				(the last four are used by build.unix)
+
+
+	./man			man pages for TightVNC viewer and stunnel.
+
+	./Windows		Stock TightVNC viewer and Stunnel, Openssl
+				etc Windows binaries. ssl_tightvncviewer.exe
+				is the program to run.
+
+Since they are large, depending on which package you use not all of the
+above may be present in your package.
+
+
+Help and Info:
+-------------
+
+For more help on other options and usage patterns run these:
+
+	./bin/ssl_tightvncviewer -h
+	./bin/tightvncviewer -h
+	./bin/util/ssl_vncviewer -h
+
+See also:
+
+	http://www.karlrunge.com/x11vnc
+	http://www.karlrunge.com/x11vnc/#faq
+	x11vnc -h | more
+
+	http://www.stunnel.org
+	http://www.openssl.org
+	http://www.tightvnc.com
+        http://www.realvnc.com
+        http://www.chiark.greenend.org.uk/~sgtatham/putty/
+
+
+Windows:
+-------
+
+	A wrapper to create a STUNNEL tunnel and then launch the
+	Windows TightVNC viewer is provided in:
+
+		Windows/ssl_tightvncviewer.exe
+
+	Just launch it and fill in the remote VNC display.
+
+	Click the Help buttons for more info.  There is also a
+	Windows/README.txt file.
+
+	On Windows you may need to terminate the STUNNEL process
+	from the System Tray if the tool cannot terminate it
+	by itself.  Just right-click on the STUNNEL icon.

x11vnc/misc/enhanced_tightvnc_viewer/Windows/README.txt

+
+This is a Windows utility to automatically start up STUNNEL to redirect
+SSL VNC connections to a remote host.  Then TightVNC Viewer (included)
+is launched to used this SSL tunnel.
+
+An example server would be "x11vnc -ssl", or any VNC server with a
+2nd STUNNEL program running on the server side.
+
+Just click on the program "ssl_tightvncviewer.exe", and then enter
+the remote VNC Server and click "Connect".  Click on "Help" for more
+information.  You can also set some simple options under "Options ..."
+
+Note that on Windows when the TightVNC viewer disconnects you may need to
+terminate the STUNNEL program manually.  To do this: Click on the STUNNEL
+icon (dark green) on the System Tray and then click "Exit".  Before that,
+however, you will be prompted if you want ssl_tightvncviewer.exe to try
+to terminate STUNNEL for you. (Note that even if STUNNEL termination is
+successful, the Tray Icon may not go away until the mouse hovers over it!)
+
+With this STUNNEL and TightVNC Viewer wrapper you can also enable using
+SSL Certificates with STUNNEL, and so the connection is not only encrypted
+but it is also not susceptible to man-in-the-middle attacks.
+
+See the STUNNEL and x11vnc documentation for how to create and add SSL
+Certificates (PEM files) for authentication.  Click on the "Certs ..."
+button to specify the certificate(s).  See the Help there for more info
+and also:
+
+	http://www.karlrunge.com/x11vnc
+	http://www.tightvnc.com
+	http://www.stunnel.org
+	http://www.openssl.org
+	http://www.chiark.greenend.org.uk/~sgtatham/putty/
+
+You can use x11vnc to create certificates if you like:
+
+	http://www.karlrunge.com/x11vnc/#faq-ssl-ca
+
+
+Misc:
+
+	The openssl.exe stunnel.exe vncviewer.exe libeay32.dll
+	libssl32.dll programs came from the websites mentioned above.
+
+	IMPORTANT: some of these binaries may have cryptographic
+	software that you may not be allowed to download or use.
+	See the above websites for more information and also the
+        util/info subdirectories. 
+
+	Also, the kill.exe and tlist.exe programs in the w98 directory
+	came from diagnostic tools ftp site of Microsoft's.

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/esound/download.url

+http://www.tux.org/~ricdude/EsounD.html

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/download.url

+http://www.stunnel.org/download/stunnel/win32/

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/location.url

+http://www.stunnel.org/download/binaries.html

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/download.url

+http://www.chiark.greenend.org.uk/%7esgtatham/putty/download.html

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/licence.url

+http://www.chiark.greenend.org.uk/%7esgtatham/putty/licence.html

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/download.url

+http://www.stunnel.org/download/stunnel/win32/

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/location.url

+http://www.stunnel.org/download/binaries.html

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/download.url

+http://www.tightvnc.com/download.html

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/location.url

+http://www.tightvnc.com

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-client.conf

+#
+# Example SSL stunnel CLIENT configuration file.  (you run stunnel on
+# this machine and point your vnc viewer to it, it goes to remote VNC
+# server via SSL)
+#
+# To use this file you will need to edit it.  Then you will need
+# to manually start up stunnel using it.
+# (e.g. /path/to/stunnel stunnel-server.conf)
+#
+# This is just an example and is not used by the tools in this package.
+# It is here to show how to create outgoing SSL connections to remote
+# VNC servers when not using the tools in this package.
+#
+client = yes
+options = ALL
+RNDbytes = 2048
+RNDfile = bananarand.bin
+RNDoverwrite = yes
+#
+# Remote server certs could go here:
+#  CApath = /path/to/.../crt-dir
+#  CAfile = /path/to/.../foo.crt
+#  verify = 2
+# My cert could go here:
+#  cert = /path/to/.../my.pem
+#
+[vnc]
+#
+# Set to local listening port number (e.g. 5900 for vnc display 0):
+#
+accept = localhost:5900
+#
+# Set to remote host:port to connect to (e.g. far-away.east:5900):
+# (this is where the VNC server is. :0 -> port 5900, etc)
+#
+connect = HOST:PORT
+delay = no 
+#
+# You could add additional ones going to other VNC servers:
+# [vnc2]
+# accept = localhost:5901
+# connect = HOST2:PORT2
+# etc ...

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-server.conf

+#
+# Example SSL stunnel SERVER configuration file.  (e.g. for your VNC
+# server on this same machine.)
+#
+# To use this file you may need to edit it.  Then you will need
+# to manually start up stunnel using it.
+# (e.g. /path/to/stunnel stunnel-server.conf)
+#
+# This is just an example and is not used by the tools in this package.
+# It is here in case you wanted to see how to add SSL support to any
+# VNC server you have.
+#
+RNDbytes = 2048
+RNDfile = bananarand.bin
+RNDoverwrite = yes
+#
+# Remote client certs could go here:
+#  CApath = /path/to/.../crt-dir
+#  CAfile = /path/to/.../foo.crt
+#  verify = 2
+# My server cert could go here:
+#  cert = /path/to/.../my.pem
+#
+[vnc]
+#
+# Set to local listening port number (e.g. 5901 for vnc display 1):
+# so the remote viewers would connect to: yourmachine:1
+#
+accept = 5901
+#
+# Set to localhost:port to connect to VNC server on this same machine:
+# (E.g. you run WinVNC on :0, preferably listening on localhost).
+#
+connect = localhost:5900

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/w98/location.url

+ftp://ftp.microsoft.com/Services/TechNet/samples/PS/Win98/Reskit/DIAGNOSE/

x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer

+#!/bin/sh
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# ssl_tightvncviewer:
+#
+#    A wrapper that calls ssl_vncviewer to use the enhanced TightVNC viewer. 
+#
+# The enhanced TightVNC viewer features are:
+#
+#	- SSL support for connections using the co-bundled stunnel program.
+#	- rfbNewFBSize VNC support (screen resizing)
+#	- cursor alphablending with x11vnc at 32bpp
+#	- xgrabserver support for fullscreen mode (for old window mgrs)
+#
+#
+# Your platform (e.g. Linux.i686) is autodetected and enhanced
+# vncviewer and stunnel binaries for it are used (see the ./bin directory).
+#
+# See the build.unix script if your platform is not in this package.
+# You can also set the env. var. UNAME=os.arch to any "os.arch" you want
+# to override the autodetetion.
+#
+# Usage:
+#
+#     ssl_tightvncviewer [ssl_vncviewer-args] hostname:N [tightvncviewer-args]
+#
+# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0
+#
+# See the script util/ssl_vncviewer for details about its arguments:
+#
+#	-verify pemfile
+#	-mycert pemfile
+#	-proxy  phost:pport
+#	-alpha
+#	-grab
+#
+#
+# See the TightVNC viewer documentation for on its cmdline arguments.
+#
+# For convenience, here is the current (7/2006) TightVNC viewer -help output:
+#
+#       TightVNC viewer version 1.3dev5
+#       
+#       Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>]
+#              vncviewer [<OPTIONS>] [<HOST>][::<PORT#>]
+#              vncviewer [<OPTIONS>] -listen [<DISPLAY#>]
+#              vncviewer -help
+#       
+#       <OPTIONS> are standard Xt options, or:
+#               -via <GATEWAY>
+#               -shared (set by default)
+#               -noshared
+#               -viewonly
+#               -fullscreen
+#               -noraiseonbeep
+#               -passwd <PASSWD-FILENAME> (standard VNC authentication)
+#               -user <USERNAME> (Unix login authentication)
+#               -encodings <ENCODING-LIST> (e.g. "tight copyrect")
+#               -bgr233
+#               -owncmap
+#               -truecolour
+#               -depth <DEPTH>
+#               -compresslevel <COMPRESS-VALUE> (0..9: 0-fast, 9-best)
+#               -quality <JPEG-QUALITY-VALUE> (0..9: 0-low, 9-high)
+#               -nojpeg
+#               -nocursorshape
+#               -x11cursor
+#               -autopass
+#       
+#       Option names may be abbreviated, e.g. -bgr instead of -bgr233.
+#       See the manual page for more information.
+#  
+
+if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then
+	head -70 "$0" | grep -v bin/sh
+	exit
+fi
+
+# Include /usr/bin... to be sure to get regular utilities:
+#
+PATH=$PATH:/usr/bin:/bin
+export PATH
+
+# Set this for ssl_vncviewer to pick up:
+#
+VNCVIEWERCMD="vncviewer"
+export VNCVIEWERCMD
+
+# work out os.arch platform string and check for binaries:
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+
+if [ -L "$0" ]; then
+	d=`dirname "\`ls -l "$0" | sed -e 's/^.* -> //'\`"`
+	if echo "$d" | grep '^/' > /dev/null; then
+		dir="$d"
+	else
+		dir="`dirname "$0"`/$d"
+	fi
+else
+	dir=`dirname "$0"`
+fi
+if [ ! -d "$dir/$name" ]; then
+	echo "cannot find platform dir: $dir/$name for your OS:" 
+	uname -sm
+	echo "you can set the \$UNAME env. var. to override the setting."
+	exit 1
+fi
+
+# Put our os.arch and other utils dirs at head of PATH to be sure to
+# pick them up:
+#
+PATH="$dir:$dir/$name:$dir/util:$PATH"
+
+STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+export STUNNEL_EXTRA_OPTS
+
+# Force the use of tight encoding for localhost redir connection:
+#
+ssl_vncviewer "$@" -encodings 'copyrect tight zrle zlib hextile'

x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui

+#!/bin/sh
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# ssl_vnc_gui:
+#
+#    A wrapper for ssl_tightvncviewer using a tcl/tk gui.
+#
+# See ssl_tightvncviewer for details.
+#
+if [ "X$XTERM_PRINT" != "X" ]; then
+	XTERM_PRINT=""
+	cat > /dev/null
+fi
+if [ "X$1" = "X-bg" ]; then
+	shift
+	$0 "$@" &
+	exit 0
+fi
+
+PATH=$PATH:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin
+export PATH
+
+SSL_VNC_GUI_CMD="$0 $*"
+export SSL_VNC_GUI_CMD
+SSL_VNC_LAUNCH=$SSL_VNC_GUI_CMD
+export SSL_VNC_LAUNCH
+
+# work out os.arch platform string and check for binaries:
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+
+if [ -L "$0" ]; then
+	d=`dirname "\`ls -l "$0" | sed -e 's/^.* -> //'\`"`
+	if echo "$d" | grep '^/' > /dev/null; then
+		dir="$d"
+	else
+		dir="`dirname "$0"`/$d"
+	fi
+else
+	dir=`dirname "$0"`
+fi
+if [ ! -d "$dir/$name" ]; then
+	echo "cannot find platform dir: $dir/$name for your OS:" 
+	uname -sm
+	echo "you can set the \$UNAME env. var. to override the setting."
+	exit 1
+fi
+
+# Put our os.arch and other utils dirs at head of PATH to be sure to
+# pick them up:
+#
+PATH="$dir:$dir/$name:$dir/util:$PATH"
+
+SSL_VNC_BASEDIR="$dir"
+export SSL_VNC_BASEDIR
+
+STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+export STUNNEL_EXTRA_OPTS
+
+exec ssl_tightvncviewer.tcl "$@"

x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer

+#!/bin/sh
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# tightvncviewer:
+#
+#    A wrapper that calls the enhanced TightVNC viewer. 
+#
+# The enhanced TightVNC viewer features are:
+#
+#	- SSL support for connections using the co-bundled stunnel program.
+#	- rfbNewFBSize VNC support (screen resizing)
+#	- cursor alphablending with x11vnc at 32bpp
+#	- xgrabserver support for fullscreen mode (for old window mgrs)
+#
+#
+# Your platform (e.g. Linux.i686) is autodetected and enhanced
+# vncviewer and stunnel binaries for it are used (see the ./bin directory).
+#
+# See the build.unix script if your platform is not in this package if
+# you want to build one.
+#
+# See the build.unix script if your platform is not in this package if you want to build one.
+# You can also set the env. var. UNAME=os.arch to any "os.arch" you want
+# to override the autodetetion.
+#
+# Usage:
+#
+#     tightvncviewer [tightvncviewer-args] hostname:N 
+# or
+#     tightvncviewer -ssl hostname:N [tightvncviewer-args]
+#
+# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0
+#
+# If the first argument is "-ssl" then ssl_tightvncviewer is called 
+# instead.  See that script for details.
+#
+# See the TightVNC viewer documentation for on its cmdline arguments.
+#
+# For convenience, here is the current (7/2006) TightVNC viewer -help output:
+#
+#       TightVNC viewer version 1.3dev5
+#       
+#       Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>]
+#              vncviewer [<OPTIONS>] [<HOST>][::<PORT#>]
+#              vncviewer [<OPTIONS>] -listen [<DISPLAY#>]
+#              vncviewer -help
+#       
+#       <OPTIONS> are standard Xt options, or:
+#               -via <GATEWAY>
+#               -shared (set by default)
+#               -noshared
+#               -viewonly
+#               -fullscreen
+#               -noraiseonbeep
+#               -passwd <PASSWD-FILENAME> (standard VNC authentication)
+#               -user <USERNAME> (Unix login authentication)
+#               -encodings <ENCODING-LIST> (e.g. "tight copyrect")
+#               -bgr233
+#               -owncmap
+#               -truecolour
+#               -depth <DEPTH>
+#               -compresslevel <COMPRESS-VALUE> (0..9: 0-fast, 9-best)
+#               -quality <JPEG-QUALITY-VALUE> (0..9: 0-low, 9-high)
+#               -nojpeg
+#               -nocursorshape
+#               -x11cursor
+#               -autopass
+#       
+#       Option names may be abbreviated, e.g. -bgr instead of -bgr233.
+#       See the manual page for more information.
+#  
+
+if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then
+	head -69 "$0" | grep -v bin/sh
+	exit
+fi
+
+# Include /usr/bin... to be sure to get regular utilities:
+#
+PATH=$PATH:/usr/bin:/bin
+export PATH
+
+# Set this for ssl_vncviewer to pick up:
+#
+VNCVIEWERCMD="vncviewer"
+export VNCVIEWERCMD
+
+# work out os.arch platform string and check for binaries:
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+
+if [ -L "$0" ]; then
+	d=`dirname "\`ls -l "$0" | sed -e 's/^.* -> //'\`"`
+	if echo "$d" | grep '^/' > /dev/null; then
+		dir="$d"
+	else
+		dir="`dirname "$0"`/$d"
+	fi
+else
+	dir=`dirname "$0"`
+fi
+if [ ! -d "$dir/$name" ]; then
+	echo "cannot find platform dir: $dir/$name for your OS:" 
+	uname -sm
+	echo "you can set the \$UNAME env. var. to override the setting."
+	exit 1
+fi
+
+# Put our os.arch and other utils dirs at head of PATH to be sure to
+# pick them up:
+#
+PATH="$dir:$dir/$name:$dir/util:$PATH"
+
+if [ "X$1" = "X-ssl" ]; then
+	shift	
+	ssl_tightvncviewer "$@"
+	exit $?
+fi
+
+STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+export STUNNEL_EXTRA_OPTS
+
+# Force the use of tight encoding for localhost redir connection:
+#
+vncviewer -encodings 'copyrect tight zrle zlib hextile' "$@"

x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf

+#
+# Example SSL stunnel SERVER configuration file.  (e.g. for your VNC
+# server on this same machine.)
+#
+# To use this file you may need to edit it.  Then you will need
+# to manually start up stunnel using it.
+# (e.g. /path/to/stunnel stunnel-server.conf)
+#
+# This is just an example and is not used by the tools in this package.
+# It is here in case you wanted to see how to add SSL support to any
+# VNC server you have.
+#
+RNDbytes = 2048
+RNDfile = bananarand.bin
+RNDoverwrite = yes
+#
+# Remote client certs could go here:
+#  CApath = /path/to/.../crt-dir
+#  CAfile = /path/to/.../foo.crt
+#  verify = 2
+# My server cert could go here:
+#  cert = /path/to/.../my.pem
+#
+[vnc]
+#
+# Set to local listening port number (e.g. 5901 for vnc display 1):
+# so the remote viewers would connect to: yourmachine:1
+#
+accept = 5901
+#
+# Set to localhost:port to connect to VNC server on this same machine:
+# (E.g. you run WinVNC on :0, preferably listening on localhost).
+#
+connect = localhost:5900

x11vnc/misc/enhanced_tightvnc_viewer/build.unix

+#!/bin/sh
+
+# Add useful directories to PATH:
+#
+PATH=$PATH:/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/opt/SUNWspro/bin:/usr/sfw/bin:/usr/ccs/bin
+export PATH
+
+# Check location:
+#
+thisdir=`dirname "$0"`
+if [ ! -d ./bin -o ! -d src/patches ]; then
+	echo "You must run this script from: $thisdir"
+	exit 1
+fi
+
+# Try to find osname.arch
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+if [ "X$name" = "X" ]; then
+	echo "cannot determine platform: os.arch, e.g. Linux.i686"
+	echo "set \$UNAME manually and retry."
+	exit 1
+fi
+
+# Work out main destination:
+#
+dest=./bin/$name
+if [ -d $dest ]; then
+	printf "$dest exists.  overwrite it? [y]/n "
+	read x
+	if [ "X$x" = "Xn" ]; then
+		exit
+	fi
+	rm -rf $dest
+fi
+mkdir -p $dest || exit 1
+
+# Create a tmp dir for this build:
+#
+tmp=./src/tmp/$name.$$
+if [ "X$TMPDIR" != "X" ]; then
+	tmp="$TMPDIR/$tmp"
+fi
+mkdir -p $tmp || exit 1
+
+# Try to find some static archives of various libraries:
+#
+libs="$tmp/libs"
+mkdir -p $libs || exit 1
+#for liba in libz.a libjpeg.a libssl.a libcrypto.a
+for liba in libz.a libjpeg.a
+do
+	for dir in /usr/lib /lib /usr/local/lib /usr/pkg/lib /usr/sfw/lib /usr/openwin/lib
+	do
+		if [ "$name" = "Linux.x86_64" -o "$name" = "Linux.ppc64" ] ; then
+			dir64=`echo "$dir" | sed -e 's,lib,lib64,'`
+		fi
+		try="$dir/$liba"
+		if [ -f $try ]; then
+			cp -p "$try" $libs
+		fi
+	done
+done
+echo "Found these static archive libraries, will try to use them..."
+ls -ld $libs
+ls -l $libs
+echo
+
+have_gcc=""
+if type gcc > /dev/null; then
+	have_gcc=1
+fi
+have_cc=""
+if type cc > /dev/null; then
+	have_cc=1
+fi
+
+if [ "X$have_cc" = "X" ]; then
+	if [ "X$have_gcc" = "X1" ]; then
+		cat > $tmp/cc <<END
+#!/bin/sh
+gcc "\$@"
+END
+		chmod 755 $tmp/cc
+		PATH=$PATH:`pwd`/$tmp
+		type cc
+		type gcc
+	fi
+fi
+
+if [ `uname` = "SunOS" ]; then
+	LDFLAGS_OS="$LDFLAGS_OS -L/usr/sfw/lib -R/usr/sfw/lib"
+	CPPFLAGS_OS="$CPPFLAGS_OS -I /usr/sfw/include"
+elif uname | grep -i bsd > /dev/null; then
+	LDFLAGS_OS="$LDFLAGS_OS -L/usr/local/lib -L/usr/pkg/lib"
+	CPPFLAGS_OS="$CPPFLAGS_OS -I /usr/local/include -I /usr/pkg/include"
+fi
+
+# Do tightvnc viewer:
+#
+tight_src=`ls -td ./src/vnc_unixsrc* | head -1`
+if [ ! -d $tight_src ]; then
+	echo "could not locate tight vnc viewer source"
+	exit 1
+fi
+
+cp -pR "$tight_src" "$tmp/vnc_unixsrc" || exit 1
+
+echo "applying tight vnc patches:"
+start=`pwd`
+cd $tmp;
+failed=0
+for patch in ../../patches/tight*
+do
+	if [ ! -f "$patch" ]; then
+		continue
+	fi
+	patch -p0 < $patch
+	if [ $? != 0 ]; then
+		failed=`expr $failed + 1`
+	fi
+done
+cd "$start"
+if [ $failed != 0 ]; then
+	ball=src/zips/vnc_unixsrc_vncviewer.patched.tar
+	echo "patches failed, trying to use backup tarball:"
+	ls -l $ball
+	sleep 2
+	cat $ball | (cd $tmp; tar -xvf -)
+fi
+echo
+
+
+cd $tmp/vnc_unixsrc
+xmkmf
+make Makefiles
+mv vncviewer/Makefile vncviewer/Makefile.orig
+sed -e "s,EXTRA_LDOPTIONS =,EXTRA_LDOPTIONS = -L$start/$libs $LDFLAGS_OS," \
+    -e "s,CCOPTIONS =,CCOPTIONS = $CPPFLAGS_OS," \
+	vncviewer/Makefile.orig > vncviewer/Makefile
+
+if [ `uname` = "SunOS" ]; then
+	for d in vncviewer libvncauth vncconnect vncpasswd
+	do
+		mv $d/Makefile $d/Makefile.orig
+		sed -e "s,CCOPTIONS =.*\$,CCOPTIONS = $CPPFLAGS_OS," \
+			$d/Makefile.orig > $d/Makefile
+	done
+fi
+
+make depend
+echo $PATH
+make all
+ls -l vncviewer/vncviewer
+cd "$start"
+src=$tmp/vnc_unixsrc/vncviewer/vncviewer
+sync
+sleep 2
+sync
+strip $src
+sync
+sleep 2
+sync
+wc  $src
+sum $src
+sleep 2
+echo cp -p $src $dest/vncviewer
+cp -p $src $dest/vncviewer || exit 1
+sleep 1
+cp -p $src $dest/vncviewer || exit 1
+ls -l $src $dest/vncviewer
+$dest/vncviewer -h
+ldd $dest/vncviewer
+echo ""
+
+# Do stunnel:
+#
+stunnel_src=`ls -td ./src/stunnel* | head -1`
+if [ ! -d $stunnel_src ]; then
+	echo "could not locate stunnel source"
+	exit 1
+fi
+
+cp -pR "$stunnel_src" "$tmp/stunnel" || exit 1
+
+echo "applying stunnel patches:"
+start=`pwd`
+cd $tmp;
+failed=0
+for patch in ../../patches/stunnel*
+do
+	if [ ! -f "$patch" ]; then
+		continue
+	fi
+	patch -p0 < $patch
+	if [ $? != 0 ]; then
+		failed=`expr $failed + 1`
+	fi
+done
+cd "$start"
+if [ $failed != 0 ]; then
+	ball=src/zips/stunnel.patched.tar
+	echo "patches failed, trying to use backup tarball:"
+	ls -l $ball
+	sleep 2
+	cat $ball | (cd $tmp; tar -xvf -)
+fi
+echo
+
+
+cd $tmp/stunnel
+if [ `uname` = "SunOS" ]; then
+	cp configure configure.orig
+	sed -e "s,/var/ssl,/var/ssl /usr/sfw," configure.orig > configure
+fi
+env LDFLAGS="-L$start/$libs $LDFLAGS_OS" CPPFLAGS="$CPPFLAGS_OS" ./configure --disable-libwrap
+make
+ls -l src/stunnel
+cd "$start"
+src=$tmp/stunnel/src/stunnel
+sync
+sleep 2
+sync
+strip $src
+sync
+sleep 2
+sync
+wc  $src
+sum $src
+sleep 2
+echo cp -p $src $dest/stunnel
+cp -p $src $dest/stunnel || exit 1
+sleep 1
+cp -p $src $dest/stunnel || exit 1
+ls -l $src $dest/stunnel
+$dest/stunnel -help
+ldd $dest/stunnel
+echo ""
+
+$dest/vncviewer -h
+ldd $dest/vncviewer

x11vnc/misc/enhanced_tightvnc_viewer/src/README

+
+In this directory we have source zip/tgz files in zip/, the patches
+we created in patches/, a temporary build dir (used by build.unix)
+in tmp/, and unpacked sources in vnc_unixsrc/ and stunnel-4.14/ (used
+by the build.unix script).
+
+See the README in the directory one level up for more information.

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/README

+All of the patch files and scripts in this directory are
+
+  Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+
+and are licensed by the GPL.  See the README and COPYING files two
+directories up for more information.

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle

+#!/bin/sh
+
+rm -rf ./src/tmp/* || exit 1
+vers=1.0.3
+
+cd .. || exit 1
+
+if [ -f enhanced_tightvnc_viewer-$vers.zip ]; then
+	mv enhanced_tightvnc_viewer-$vers.zip enhanced_tightvnc_viewer-$vers.zip~
+fi
+rm -f enhanced_tightvnc_viewer_all-$vers.zip
+rm -f enhanced_tightvnc_viewer-$vers.zip
+zip -9 -r enhanced_tightvnc_viewer_all-$vers.zip enhanced_tightvnc_viewer
+zip -9 -r enhanced_tightvnc_viewer-$vers.zip enhanced_tightvnc_viewer -x '*.zip' '*.tar.gz'
+tar cvf - --exclude='*.zip' --exclude='*.tar.gz' enhanced_tightvnc_viewer | gzip -9 >  enhanced_tightvnc_viewer-$vers.tar.gz
+tar cvf - --exclude='*.zip' --exclude='*.tar.gz' --exclude='*.dll' --exclude='*.exe' --exclude enhanced_tightvnc_viewer/Windows/util enhanced_tightvnc_viewer | gzip -9 >  enhanced_tightvnc_viewer_no_windows-$vers.tar.gz
+
+ls -l enhanced_tightvnc_viewer*-$vers.*
+
+###########################################
+
+rm -rf enhanced_tightvnc_viewer_windows_only-${vers}*
+
+cp -pR enhanced_tightvnc_viewer enhanced_tightvnc_viewer_windows_only-$vers
+rm -rf enhanced_tightvnc_viewer_windows_only-$vers/{src,bin,man}/*
+rm -rf enhanced_tightvnc_viewer_windows_only-$vers/bin/.linkin
+cp -p enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl  enhanced_tightvnc_viewer_windows_only-$vers/Windows/util
+
+rm -f enhanced_tightvnc_viewer_windows_only-$vers.zip
+zip -9 -r enhanced_tightvnc_viewer_windows_only-$vers.zip enhanced_tightvnc_viewer_windows_only-$vers
+
+ls -l enhanced_tightvnc_viewer_windows_only-$vers.zip
+rm -rf enhanced_tightvnc_viewer_windows_only-${vers}

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches

+#!/bin/sh
+
+cp -p /dist/src/apps/VNC/tight_vnc_1.3dev5/tight-vncviewer*patch .

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_vncpatchapplied

+#!/bin/sh
+
+make clean
+rm -f *.o
+cd ../..
+tar -cvf ../../zips/vnc_unixsrc_vncviewer.patched.tar vnc_unixsrc/vncviewer

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.patch

+diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
+--- stunnel.orig/src/client.c	2005-10-24 14:00:56.000000000 -0400
++++ stunnel/src/client.c	2006-07-31 21:51:37.000000000 -0400
+@@ -126,6 +126,10 @@
+     s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
+         --num_clients);
+     leave_critical_section(CRIT_CLIENTS);
++    if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
++            s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
++	    exit(0);
++    }
+ #endif
+     free(c);
+ #ifdef DEBUG_STACK_SIZE
+diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
+--- stunnel.orig/src/network.c	2005-10-30 16:35:42.000000000 -0500
++++ stunnel/src/network.c	2006-07-31 21:53:49.000000000 -0400
+@@ -329,6 +329,10 @@
+         /* no logging is possible in a signal handler */
+ #ifdef USE_FORK
+         num_clients--; /* one client less */
++        if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
++                s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
++                exit(0);
++        }
+ #endif /* USE_FORK */
+     }
+ #else /* __sgi */
+@@ -375,6 +379,10 @@
+     if((pid=wait(&status))>0) {
+         num_clients--; /* one client less */
+ #endif
++        if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
++                s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
++                exit(0);
++        }
+ #ifdef WIFSIGNALED
+         if(WIFSIGNALED(status)) {
+             s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
+diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
+--- stunnel.orig/src/options.c	2005-10-20 03:12:07.000000000 -0400
++++ stunnel/src/options.c	2006-07-31 22:49:57.000000000 -0400
+@@ -665,6 +665,24 @@
+         break;
+     }
+ 
++    /* maxconn */
++    switch(cmd) {
++    case CMD_INIT:
++        options.maxconn=0;
++        break;
++    case CMD_EXEC:
++        if(strcasecmp(opt, "maxconn"))
++            break;
++        options.maxconn=atoi(arg);
++            return NULL; /* OK */
++    case CMD_DEFAULT:
++        log_raw("%-15s = 0", "maxconn");
++        break;
++    case CMD_HELP:
++        log_raw("%-15s = maximum number of accepted connections", "maxconn");
++        break;
++    }
++
+     if(cmd==CMD_EXEC)
+         return option_not_found;
+     return NULL; /* OK */
+diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
+--- stunnel.orig/src/prototypes.h	2005-10-27 05:41:28.000000000 -0400
++++ stunnel/src/prototypes.h	2006-07-31 22:49:36.000000000 -0400
+@@ -44,6 +44,7 @@
+ /**************************************** Prototypes for stunnel.c */
+ 
+ extern int num_clients;
++extern int num_conn;
+ 
+ void main_initialize(char *, char *);
+ void main_execute(void);
+@@ -113,6 +114,7 @@
+     long session_timeout;
+     int verify_level;
+     int verify_use_only_my;
++    int maxconn;
+     long ssl_options;
+ 
+         /* some global data for stunnel.c */
+diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
+--- stunnel.orig/src/stunnel.c	2005-11-02 15:18:42.000000000 -0500
++++ stunnel/src/stunnel.c	2006-07-31 21:40:04.000000000 -0400
+@@ -53,6 +53,7 @@
+ #endif
+ 
+ int num_clients=0; /* Current number of clients */
++int num_conn=0;    /* Total number of connections */
+ 
+     /* Functions */
+ 
+@@ -138,6 +139,7 @@
+     }
+ 
+     num_clients=0;
++    num_conn=0;
+ 
+     /* bind local ports */
+     for(opt=local_options.next; opt; opt=opt->next) {
+@@ -222,6 +224,18 @@
+                 return; /* error */
+         }
+     }
++    num_conn++;
++fprintf(stderr, "num_conn: %d\n", num_conn);
++    if (options.maxconn > 0 && num_conn > options.maxconn) {
++        s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
++            num_conn, options.maxconn);
++        closesocket(s);
++	if (num_clients == 0) {
++            s_log(LOG_WARNING, "Finished via maxconn.");
++            exit(0);
++	}
++        return;
++    }
+     s_ntop(from_address, &addr);
+     s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
+         opt->servname, s, from_address);

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-fullscreen.patch

+--- vnc_unixsrc.orig/vncviewer/fullscreen.c	2003-10-09 05:23:49.000000000 -0400
++++ vnc_unixsrc/vncviewer/fullscreen.c	2004-12-26 21:21:44.000000000 -0500
+@@ -173,9 +173,15 @@
+   XtVaSetValues(popup, XtNoverrideRedirect, True, NULL);
+ 
+   /* Try to get the input focus. */
+-
++ 
++#if 0
+   XSetInputFocus(dpy, DefaultRootWindow(dpy), RevertToPointerRoot,
+ 		 CurrentTime);
++#else
++  XSetInputFocus(dpy, PointerRoot, RevertToPointerRoot,
++                 CurrentTime);
++#endif
++
+ 
+   /* Optionally, grab the keyboard. */
+ 
+@@ -184,6 +190,10 @@
+ 		     GrabModeAsync, CurrentTime) != GrabSuccess) {
+     fprintf(stderr, "XtGrabKeyboard() failed.\n");
+   }
++if (getenv("VNCVIEWER_GRAB_SERVER") != NULL) { /* runge bot of FullScreenOn */
++        fprintf(stderr, "calling XGrabServer(dpy)\n");
++        XGrabServer(dpy);       
++}
+ }
+ 
+ 
+@@ -210,6 +220,11 @@
+ 
+   appData.fullScreen = False;
+ 
++if (getenv("VNCVIEWER_GRAB_SERVER") != NULL) { /* runge top of FullScreenOff */
++        fprintf(stderr, "calling XUngrabServer(dpy)\n");
++        XUngrabServer(dpy);     
++}
++
+   if (appData.grabKeyboard)
+     XtUngrabKeyboard(desktop, CurrentTime);
+ 

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-newfbsize.patch

+--- vnc_unixsrc.orig/vncviewer/desktop.c	2004-05-28 13:29:29.000000000 -0400
++++ vnc_unixsrc/vncviewer/desktop.c	2006-07-27 11:30:01.000000000 -0400
+@@ -50,6 +50,30 @@
+   },
+ };
+ 
++void create_image() {
++  image = NULL;
++
++#ifdef MITSHM
++  if (appData.useShm) {
++    image = CreateShmImage();
++    if (!image)
++      appData.useShm = False;
++  }
++#endif
++
++  if (!image) {
++    image = XCreateImage(dpy, vis, visdepth, ZPixmap, 0, NULL,
++			 si.framebufferWidth, si.framebufferHeight,
++			 BitmapPad(dpy), 0);
++
++    image->data = malloc(image->bytes_per_line * image->height);
++    if (!image->data) {
++      fprintf(stderr,"malloc failed\n");
++      exit(1);
++    }
++  }
++}
++
+ 
+ /*
+  * DesktopInitBeforeRealization creates the "desktop" widget and the viewport
+@@ -82,30 +106,9 @@
+   for (i = 0; i < 256; i++)
+     modifierPressed[i] = False;
+ 
+-  image = NULL;
+-
+-#ifdef MITSHM
+-  if (appData.useShm) {
+-    image = CreateShmImage();
+-    if (!image)
+-      appData.useShm = False;
+-  }
+-#endif
+-
+-  if (!image) {
+-    image = XCreateImage(dpy, vis, visdepth, ZPixmap, 0, NULL,
+-			 si.framebufferWidth, si.framebufferHeight,
+-			 BitmapPad(dpy), 0);
+-
+-    image->data = malloc(image->bytes_per_line * image->height);
+-    if (!image->data) {
+-      fprintf(stderr,"malloc failed\n");
+-      exit(1);
+-    }
+-  }
++  create_image();
+ }
+ 
+-
+ /*
+  * DesktopInitAfterRealization does things which require the X windows to
+  * exist.  It creates some GCs and sets the dot cursor.
+@@ -460,3 +463,69 @@
+     break;
+   }
+ }
++
++static void reset_image(void) {
++	if (UsingShm()) {
++		ShmCleanup();
++	} else {
++		if (image && image->data) {
++			free(image->data);
++			XDestroyImage(image);
++			image = NULL;
++		}
++	}
++	create_image();
++	XFlush(dpy);
++}
++
++void ReDoDesktop(void) {
++	int w, h, x, y, dw, dh;
++
++	if (appData.fullScreen) {
++		if (image && image->data) {
++			int len;
++			int h = image->height;
++			int w = image->width;
++			len = image->bytes_per_line * image->height;
++			/* black out window first: */
++			memset(image->data, 0, len);
++  			XPutImage(dpy, XtWindow(desktop), gc, image, 0, 0, 0, 0, w, h);
++			XFlush(dpy);
++		}
++		XtResizeWidget(desktop, si.framebufferWidth, si.framebufferHeight, 0);
++		XSync(dpy, False);
++		usleep(100*1000);
++		FullScreenOn();
++		XSync(dpy, False);
++		usleep(100*1000);
++		reset_image();
++		return;
++	}
++
++	dw = appData.wmDecorationWidth;
++	dh = appData.wmDecorationHeight;
++
++	w = si.framebufferWidth;
++	h = si.framebufferHeight;
++
++	if (w + dw >= dpyWidth) {
++		w = dpyWidth - dw;
++	}
++	if (h + dh >= dpyHeight) {
++		h = dpyHeight - dh;
++	}
++
++	XtVaSetValues(toplevel, XtNmaxWidth, w, XtNmaxHeight, h, NULL);
++
++	XtVaSetValues(desktop, XtNwidth, si.framebufferWidth,
++	    XtNheight, si.framebufferHeight, NULL);
++
++	x = (dpyWidth  - w - dw)/2;
++	y = (dpyHeight - h - dh)/2;
++
++	XtResizeWidget(desktop, si.framebufferWidth, si.framebufferHeight, 0);
++
++	XtConfigureWidget(toplevel, x + dw, y + dh, w, h, 0);
++
++	reset_image();
++}
+--- vnc_unixsrc.orig/vncviewer/fullscreen.c	2003-10-09 05:23:49.000000000 -0400
++++ vnc_unixsrc/vncviewer/fullscreen.c	2006-07-27 14:36:06.000000000 -0400
+@@ -85,10 +85,13 @@
+   Dimension oldViewportWidth, oldViewportHeight, clipWidth, clipHeight;
+   Position viewportX, viewportY;
+ 
++  Bool fsAlready = appData.fullScreen, toobig = False;
++
+   appData.fullScreen = True;
+ 
+   if (si.framebufferWidth > dpyWidth || si.framebufferHeight > dpyHeight) {
+ 
++    toobig = True;
+     XtVaSetValues(viewport, XtNforceBars, True, NULL);
+     XtVaGetValues(viewport, XtNwidth, &oldViewportWidth,
+ 		  XtNheight, &oldViewportHeight, NULL);
+@@ -129,6 +132,7 @@
+      reparenting our window to the root.  The window manager will get a
+      ReparentNotify and hopefully clean up its frame window. */
+ 
++if (! fsAlready) {
+   XtVaSetValues(toplevel, XtNoverrideRedirect, True, NULL);
+ 
+   XReparentWindow(dpy, XtWindow(toplevel), DefaultRootWindow(dpy), 0, 0);
+@@ -164,10 +168,22 @@
+ 
+   XtManageChild(viewport);
+ 
+-  /* Now we can set "toplevel" to its proper size. */
++} else {
++	XSync(dpy, False);
++}
+ 
++  /* Now we can set "toplevel" to its proper size. */
+   XtResizeWidget(toplevel, toplevelWidth, toplevelHeight, 0);
+ 
++if (fsAlready) {
++  XtResizeWidget(viewport, viewportWidth, viewportHeight, 0);
++  if (! toobig) {
++	XtVaSetValues(viewport, XtNforceBars, False, NULL);
++  }
++  XMoveWindow(dpy, XtWindow(viewport), viewportX, viewportY);
++  XSync(dpy, False);
++}
++
+   /* Set the popup to overrideRedirect too */
+ 
+   XtVaSetValues(popup, XtNoverrideRedirect, True, NULL);
+--- vnc_unixsrc.orig/vncviewer/rfbproto.c	2004-03-11 13:14:39.000000000 -0500
++++ vnc_unixsrc/vncviewer/rfbproto.c	2006-07-25 21:51:20.000000000 -0400
+@@ -177,6 +177,9 @@
+ 	  sig_rfbEncodingPointerPos, "Pointer position update");
+   CapsAdd(encodingCaps, rfbEncodingLastRect, rfbTightVncVendor,
+ 	  sig_rfbEncodingLastRect, "LastRect protocol extension");
++
++  CapsAdd(encodingCaps, rfbEncodingNewFBSize, rfbTightVncVendor,
++	  sig_rfbEncodingNewFBSize, "New FB size protocol extension");
+ }
+ 
+ 
+@@ -729,6 +732,7 @@
+   Bool requestCompressLevel = False;
+   Bool requestQualityLevel = False;
+   Bool requestLastRectEncoding = False;
++  Bool requestNewFBSizeEncoding = True;
+ 
+   spf.type = rfbSetPixelFormat;
+   spf.format = myFormat;
+@@ -806,6 +810,10 @@
+     if (se->nEncodings < MAX_ENCODINGS && requestLastRectEncoding) {
+       encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
+     }
++
++    if (se->nEncodings < MAX_ENCODINGS && requestNewFBSizeEncoding) {
++      encs[se->nEncodings++] = Swap32IfLE(rfbEncodingNewFBSize);
++    }
+   }
+   else {
+     if (SameMachine(rfbsock)) {
+@@ -849,6 +857,7 @@
+     }
+ 
+     encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
++    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingNewFBSize);
+   }
+ 
+   len = sz_rfbSetEncodingsMsg + se->nEncodings * 4;
+@@ -1038,6 +1047,16 @@
+ 	}
+ 	continue;
+       }
++      if (rect.encoding == rfbEncodingNewFBSize) {
++	  fprintf(stderr,"New Size: %dx%d at (%d, %d)\n",
++		  rect.r.w, rect.r.h, rect.r.x, rect.r.y);
++	si.framebufferWidth = rect.r.w;
++	si.framebufferHeight = rect.r.h;
++        fprintf(stderr, "si: %d %d\n", si.framebufferWidth, si.framebufferHeight);
++	ReDoDesktop();
++
++	continue;
++      }
+ 
+       if ((rect.r.x + rect.r.w > si.framebufferWidth) ||
+ 	  (rect.r.y + rect.r.h > si.framebufferHeight))
+--- vnc_unixsrc.orig/vncviewer/shm.c	2000-06-11 08:00:53.000000000 -0400
++++ vnc_unixsrc/vncviewer/shm.c	2006-07-26 23:30:42.000000000 -0400
+@@ -41,6 +41,10 @@
+   }
+ }
+ 
++Bool UsingShm() {
++	return needShmCleanup;
++}
++
+ static int
+ ShmCreationXErrorHandler(Display *dpy, XErrorEvent *error)
+ {
+--- vnc_unixsrc.orig/vncviewer/vncviewer.h	2004-03-11 13:14:40.000000000 -0500
++++ vnc_unixsrc/vncviewer/vncviewer.h	2006-07-26 23:31:25.000000000 -0400
+@@ -162,6 +162,8 @@
+ extern void CopyDataToScreen(char *buf, int x, int y, int width, int height);
+ extern void SynchroniseScreen();
+ 
++extern void ReDoDesktop();
++
+ /* dialogs.c */
+ 
+ extern void ServerDialogDone(Widget w, XEvent *event, String *params,
+@@ -243,6 +245,7 @@
+ 
+ extern XImage *CreateShmImage();
+ extern void ShmCleanup();
++extern Bool UsingShm();
+ 
+ /* sockets.c */
+ 
+--- vnc_unixsrc.orig/vncviewer/vncviewer.c	2004-01-13 09:22:05.000000000 -0500
++++ vnc_unixsrc/vncviewer/vncviewer.c	2006-07-27 19:00:25.000000000 -0400
+@@ -57,6 +57,11 @@
+     }
+   }
+ 
++  if (argc > 1 && strstr(argv[1], "-h") == argv[1]) {
++  	usage();
++	return 0;
++  }
++
+   /* Call the main Xt initialisation function.  It parses command-line options,
+      generating appropriate resource specs, and makes a connection to the X
+      display. */

x11vnc/misc/enhanced_tightvnc_viewer/src/zips/README

+This is where we keep the 3rd party source zip and tar.gz files used
+to build this package.
+
+www.stunnel.org source       488512 Jul 25 15:09 stunnel-4.14.tar.gz
+www.tightvnc.com source     2182134 Jul 25 15:11 tightvnc-1.3dev7_unixsrc.tar.gz
+www.tightvnc.com windows
+  standalone viewer binary:  209149 Jul 25 15:10 tightvnc-1.3dev7_x86_viewer.zip
+
+To save space they may not be included in the package you downloaded.
+The should be included in the "enhanced_tightvnc_viewer_all-<version>.zip" file.
+Go to the websites indicated above or contact me if you cannot find them.
+
+The stunnel.patched.tar vnc_unixsrc_vncviewer.patched.tar
+files are tarballs of the original sources above with patches applied
+(used by build.unix script when patching fails).

x11vnc/remote.c

@@ -620,8 +620,6 @@ int remote_control_access_ok(void) {
 #endif	/* NO_X11 */
 }
 
-static int hack_val = 0;
-
 /*
  * Huge, ugly switch to handle all remote commands and queries
  * -remote/-R and -query/-Q.

x11vnc/util.c

@@ -417,6 +417,12 @@ void rfbPE(long usec) {
  		return;
  	}
 
+	if (debug_tiles > 2) {
+		double tm = dnow();
+		fprintf(stderr, "rfbPE(%d)  t: %.4f\n",
+		    (int) usec, tm - x11vnc_start);
+	}
+
 	if (usec > USEC_MAX) {
 		usec = USEC_MAX;
 	}
@@ -445,6 +451,13 @@ void rfbCFD(long usec) {
 		usec = USEC_MAX;
 	}
 
+	if (debug_tiles > 2) {
+		double tm = dnow();
+		fprintf(stderr, "rfbCFD(%d) t: %.4f\n",
+		    (int) usec, tm - x11vnc_start);
+	}
+
+
 	if (! use_threads) {
 		if (0 && all_input) {
 			static int cnt = 0;

x11vnc/x11vnc.1

@@ -2,7 +2,7 @@
 .TH X11VNC "1" "September 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.3, lastmod: 2006-09-10
+         version: 0.8.3, lastmod: 2006-09-13
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -32,8 +32,8 @@ these protections.  See the FAQ for details how to tunnel the VNC connection
 through an encrypted channel such as 
 .IR ssh (1).
 In brief:
-.PP
-% ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
+.IP
+ssh \fB-t\fR \fB-L\fR 5900:localhost:5900 far-host 'x11vnc \fB-localhost\fR \fB-display\fR :0'
 .PP
 % vncviewer -encodings 'copyrect tight zrle hextile' localhost:0
 .PP
@@ -130,17 +130,17 @@ even if it looks like 8bpp TrueColor (rare problem).
 .PP
 \fB-visual\fR \fIn\fR
 .IP
-Experimental option: probably does not do what you
-think.  It simply *forces* the visual used for the
-framebuffer; this may be a bad thing... (e.g. messes
-up colors or cause a crash). It is useful for testing
-and for some workarounds.  n may be a decimal number,
-or 0x hex.  Run 
+This option probably does not do what you think.
+It simply *forces* the visual used for the framebuffer;
+this may be a bad thing... (e.g. messes up colors or
+cause a crash). It is useful for testing and for some
+workarounds.  n may be a decimal number, or 0x hex.
+Run 
 .IR xdpyinfo (1)
-for the values.  One may
-also use "TrueColor", etc. see <X11/X.h> for a list.
-If the string ends in ":m" then for better or for
-worse the visual depth is forced to be m.
+for the values.  One may also use
+"TrueColor", etc. see <X11/X.h> for a list.  If the
+string ends in ":m" then for better or for worse the
+visual depth is forced to be m.
 .PP
 \fB-overlay\fR
 .IP
@@ -1788,7 +1788,7 @@ Go into the background after screen setup.  Messages to
 stderr are lost unless \fB-o\fR logfile is used.  Something
 like this could be useful in a script:
 .IP
-port=`ssh $host "x11vnc -display :0 -bg" | grep PORT`
+port=`ssh -t $host "x11vnc -display :0 -bg" | grep PORT`
 .IP
 port=`echo "$port" | sed -e 's/PORT=//'`
 .IP
@@ -2852,8 +2852,8 @@ or where window tearing is a problem.
 .PP
 \fB-rawfb\fR \fIstring\fR
 .IP
-Experimental option, instead of polling X, poll the
-memory object specified in \fIstring\fR.
+Instead of polling X, poll the memory object specified
+in \fIstring\fR.
 .IP
 For shared memory segments string is of the
 form: "shm:N@WxHxB" which specifies a shmid
@@ -3102,16 +3102,16 @@ format.
 .PP
 \fB-pipeinput\fR \fIcmd\fR
 .IP
-Another experimental option: it lets you supply an
-external command in \fIcmd\fR that x11vnc will pipe
-all of the user input events to in a simple format.
-In \fB-pipeinput\fR mode by default x11vnc will not process
-any of the user input events.  If you prefix \fIcmd\fR
-with "tee:" it will both send them to the pipe
-command and process them.  For a description of the
-format run "\fB-pipeinput\fR \fItee:/bin/cat\fR".  Another prefix
-is "reopen" which means to reopen pipe if it exits.
-Separate multiple prefixes with commas.
+This option lets you supply an external command in
+\fIcmd\fR that x11vnc will pipe all of the user input
+events to in a simple format.  In \fB-pipeinput\fR mode by
+default x11vnc will not process any of the user input
+events.  If you prefix \fIcmd\fR with "tee:" it will
+both send them to the pipe command and process them.
+For a description of the format run "-pipeinput
+tee:/bin/cat".  Another prefix is "reopen" which
+means to reopen pipe if it exits.  Separate multiple
+prefixes with commas.
 .IP
 In combination with \fB-rawfb\fR one might be able to
 do amusing things (e.g. control non-X devices).

x11vnc/x11vnc.c

@@ -431,7 +431,21 @@ static void watch_loop(void) {
 
 				unixpw_in_rfbPE = 1;
 
-				rfbPE(-1);
+				/*
+				 * do a few more since a key press may
+				 * have induced a small change we want to
+				 * see quickly (just 1 rfbPE will likely
+				 * only process the subsequent "up" event)
+				 */
+				if (tm < last_keyboard_time + 0.16) {
+					rfbPE(0);
+					rfbPE(0);
+					rfbPE(-1);
+					rfbPE(0);
+					rfbPE(0);
+				} else {
+					rfbPE(-1);
+				}
 
 				unixpw_in_rfbPE = 0;
 

x11vnc/x11vnc.h

@@ -450,6 +450,8 @@ extern double last_copyrect_fix;
 extern double servertime_diff;
 extern double x11vnc_start;
 
+extern int hack_val;
+
 /* last client to move pointer */
 extern rfbClientPtr last_pointer_client;
 

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.3 lastmod: 2006-09-10";
+char lastmod[] = "0.8.3 lastmod: 2006-09-13";
 
 /* X display info */
 
@@ -123,6 +123,8 @@ double last_copyrect_fix = 0.0;
 double servertime_diff = 0.0;
 double x11vnc_start = 0.0;
 
+int hack_val = 0;
+
 /* last client to move pointer */
 rfbClientPtr last_pointer_client = NULL;