SSVNC sync: stunnel upgrade and patch, change wish order, -anondh -ciphers option

VeNCrypt and TLSVNC support (in pproxy and unix vncviewer). Help text tweaks
  -killstunnel, s_client fixes, No Encryption easier. Zeroconf/avahi support.
  tk font fixes. SSVNC_ULTRA_FTP_JAR finding SSVNC_PREDIGESTED_HANDSHAKE
  SSVNC_SKIP_RFB_PROTOCOL_VERSION, SSVNC_SET_SECURITY_TYPE, etc hacks.

x11vnc/misc/enhanced_tightvnc_viewer/README

@@ -82,6 +82,10 @@ The enhanced TightVNC viewer features are:
 
 	- Sets up any additional SSH port redirections that you want.
 
+	- Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find
+	  VNC servers on your local network if the avahi-browse or dns-sd
+	  program is available and in your PATH.
+
         - Port Knocking for "closed port" SSH/SSL connections.  In addition
           to a simple fixed port sequence and one-time-pad implementation,
           a hook is also provided to run any port knocking client before a
@@ -108,6 +112,8 @@ The enhanced TightVNC viewer features are:
 
 	- rfbNewFBSize VNC support (screen resizing)
 
+	- Client-side Scaling of the Viewer.
+
 	- ZRLE VNC encoding support (RealVNC's encoding)
 
 	- Support for the ZYWRLE encoding, a wavelet based extension to
@@ -268,8 +274,8 @@ Unix/MacOSX Install:
 
     For the conventional source tarball it will compile and install, e.g.:
 
-       gzip -dc ssvnc-1.0.20.src.tar.gz | tar xvf -
-       cd ssvnc-1.0.20
+       gzip -dc ssvnc-1.0.21.src.tar.gz | tar xvf -
+       cd ssvnc-1.0.21
        make config
        make all
        make PREFIX=/my/install/dir install
@@ -428,9 +434,10 @@ On Mac OS X depending on what you do you need these programs installed:
 
     Lesser used ones: netcat, smbclient, cups
 
-
 Most Mac OS X and Unix OS come with the main components installed. 
 	
+See the README.src for a more detailed description of dependencies.
+
 
 If you need to Build:
 --------------------
@@ -467,7 +474,7 @@ Feel free to ask us if you need help running ./build.unix
 Convential Build:
 
 A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
-It uses a more or less familiar 'make config; make all; make install'
+It uses a more or less familiar 'make config; make all; make PREFIX=path install'
 method.  It does not include stunnel, so that must be installed on the
 system separately.
 

x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc

@@ -30,7 +30,7 @@ fi
 
 if [ "X$WISH" = "X" ]; then
 	WISH=wish
-	for try in wish wish8.3 wish8.4 wish8.5 wish8.6
+	for try in wish8.4 wish wish8.3 wish8.5 wish8.6
 	do
 		if type $try > /dev/null; then
 			WISH=$try
@@ -114,8 +114,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
 	echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH."
 else
 	STUNNEL=stunnel
-	STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
-	export STUNNEL STUNNEL_EXTRA_OPTS
+	#STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+	#export STUNNEL STUNNEL_EXTRA_OPTS
 	SSVNC_VIEWER_INTERNAL=1
 	export SSVNC_VIEWER_INTERNAL
 fi

x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc_cmd

@@ -201,8 +201,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
 
 else
 	STUNNEL=stunnel
-	STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
-	export STUNNEL STUNNEL_EXTRA_OPTS
+	#STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+	#export STUNNEL STUNNEL_EXTRA_OPTS
 	SSVNC_VIEWER_INTERNAL=1
 	export SSVNC_VIEWER_INTERNAL
 fi

x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer

@@ -162,6 +162,9 @@ ssh_args=""
 showcert=""
 reverse=""
 
+ciphers=""
+anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
+
 if [ "X$1" = "X-viewerflavor" ]; then
 	# special case, try to guess which viewer:
 	#
@@ -196,6 +199,10 @@ if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
 	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
 elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
 	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
+else
+	STUNNEL_ONCE=1; export STUNNEL_ONCE
+	STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
+	STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
 fi
 
 # grab our cmdline options:
@@ -217,6 +224,10 @@ do
                 ;;
 	"-sshargs")	shift; ssh_args="$1"
                 ;;
+	"-anondh")	ciphers="ciphers=$anondh"
+                ;;
+	"-ciphers")	shift; ciphers="ciphers=$1"
+                ;;
 	"-alpha")	gotalpha=1
                 ;;
 	"-showcert")	showcert=1
@@ -304,6 +315,47 @@ fi
 orig="$1"
 shift
 
+dL="-L"
+if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
+	dL="-h"
+fi
+
+# a portable, but not absolutely safe, tmp file creator
+mytmp() {
+	tf=$1
+	if type mktemp > /dev/null 2>&1; then
+		# if we have mktemp(1), use it:
+		tf2="$tf.XXXXXX"
+		tf2=`mktemp "$tf2"`
+		if [ "X$tf2" != "X" -a -f "$tf2" ]; then
+			if [ "X$DEBUG_MKTEMP" != "X" ]; then
+				echo "mytmp-mktemp: $tf2" 1>&2
+			fi
+			echo "$tf2"
+			return
+		fi
+	fi
+	# fallback to multiple cmds:
+	rm -rf "$tf" || exit 1
+	if [ -d "$tf" ]; then
+		echo "tmp file $tf still exists as a directory."
+		exit 1
+	elif [ $dL "$tf" ]; then
+		echo "tmp file $tf still exists as a symlink."
+		exit 1
+	elif [ -f "$tf" ]; then
+		echo "tmp file $tf still exists."
+		exit 1
+	fi
+	touch "$tf" || exit 1
+	chmod 600 "$tf" || exit 1
+	rchk
+	if [ "X$DEBUG_MKTEMP" != "X" ]; then
+		echo "mytmp-touch: $tf" 1>&2
+	fi
+	echo "$tf"
+}
+
 # set up special case of ultravnc single click III mode:
 if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
 	pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
@@ -315,6 +367,13 @@ if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
 	echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
 	proxy=""
 fi
+if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
+	vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
+	vtmp=`mytmp "$vtmp"`
+	SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
+	export SSVNC_PREDIGESTED_HANDSHAKE
+	#echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE"
+fi
 
 
 # check -ssh and -mycert/-verify conflict:
@@ -561,47 +620,6 @@ rchk() {
 }
 rchk
 
-dL="-L"
-if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
-	dL="-h"
-fi
-
-# a portable, but not absolutely safe, tmp file creator
-mytmp() {
-	tf=$1
-	if type mktemp > /dev/null 2>&1; then
-		# if we have mktemp(1), use it:
-		tf2="$tf.XXXXXX"
-		tf2=`mktemp "$tf2"`
-		if [ "X$tf2" != "X" -a -f "$tf2" ]; then
-			if [ "X$DEBUG_MKTEMP" != "X" ]; then
-				echo "mytmp-mktemp: $tf2" 1>&2
-			fi
-			echo "$tf2"
-			return
-		fi
-	fi
-	# fallback to multiple cmds:
-	rm -rf "$tf" || exit 1
-	if [ -d "$tf" ]; then
-		echo "tmp file $tf still exists as a directory."
-		exit 1
-	elif [ $dL "$tf" ]; then
-		echo "tmp file $tf still exists as a symlink."
-		exit 1
-	elif [ -f "$tf" ]; then
-		echo "tmp file $tf still exists."
-		exit 1
-	fi
-	touch "$tf" || exit 1
-	chmod 600 "$tf" || exit 1
-	rchk
-	if [ "X$DEBUG_MKTEMP" != "X" ]; then
-		echo "mytmp-touch: $tf" 1>&2
-	fi
-	echo "$tf"
-}
-
 # trick for the undocumented rsh://host:port method.
 rsh_setup() {
 	if echo "$ssh_host" | grep '@' > /dev/null; then
@@ -665,6 +683,32 @@ if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
 	}
 }
 
+my $rfbSecTypeTlsVnc   = 18;
+my $rfbSecTypeVencrypt = 19;
+
+my $rfbVencryptPlain        = 256;
+my $rfbVencryptTlsNone      = 257;
+my $rfbVencryptTlsVnc       = 258;
+my $rfbVencryptTlsPlain     = 259;
+my $rfbVencryptX509None     = 260;
+my $rfbVencryptX509Vnc      = 261;
+my $rfbVencryptX509Plain    = 262;
+
+my $handshake_file = "";
+if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE})  {
+	$handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
+}
+
+sub append_handshake {
+	my $str = shift;
+	if ($handshake_file) {
+		if (open(HSF, ">>$handshake_file")) {
+			print HSF $str;
+			close HSF;
+		}
+	}
+}
+
 my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
 my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
 
@@ -825,6 +869,18 @@ sub url_parse {
 		if ($hostport !~ /:\d+/) {
 			$hostport .= ":5900";
 		}
+	} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
+		# vencrypt handshake.
+		$hostport = $1;
+		my $m = "connect";
+		if ($hostpost =~ /^(\S+)\+(\S+)$/) {
+			$hostport = $1;
+			$mode = $2;
+		}
+		$mode = "vencrypt:$m";
+		if ($hostport !~ /:\d+/) {
+			$hostport .= ":5900";
+		}
 	}
 	return ($hostport, $mode);
 }
@@ -832,6 +888,7 @@ sub url_parse {
 sub setmode {
 	my $mode = shift;
 	$ENV{PPROXY_REPEATER} = "";
+	$ENV{PPROXY_VENCRYPT} = "";
 	if ($mode =~ /^socks/) {
 		if ($mode =~ /^socks5/) {
 			$ENV{PPROXY_SOCKS} = 5;
@@ -841,6 +898,9 @@ sub setmode {
 	} elsif ($mode =~ /^repeater:(.*)/) {
 		$ENV{PPROXY_REPEATER} = $1;
 		$ENV{PPROXY_SOCKS} = "";
+	} elsif ($mode =~ /^vencrypt:(.*)/) {
+		$ENV{PPROXY_VENCRYPT} = $1;
+		$ENV{PPROXY_SOCKS} = "";
 	} else {
 		$ENV{PPROXY_SOCKS} = "";
 	}
@@ -982,6 +1042,9 @@ sub connection {
 			sysread($sock, $c, 1);
 			print STDERR $c;
 		}
+	} elsif ($ENV{PPROXY_VENCRYPT} ne "") {
+		my $vencrypt = $ENV{PPROXY_VENCRYPT};
+		vencrypt_dialog($vencrypt);
 
 	} else {
 		# Web Proxy:
@@ -1010,6 +1073,189 @@ sub connection {
 	}
 }
 
+sub vdie {
+	append_handshake("done\n");
+	close $sock;
+	exit(1);
+}
+
+sub tlsvnc_handshake {
+	my ($vmode, $db) = @_;
+
+	print STDERR "PPROXY: Doing TLSVNC Handshake\n";
+
+	my $psec = pack("C", $rfbSecTypeTlsVnc);
+	syswrite($sock, $psec, 1);
+
+	append_handshake("done\n");
+}
+
+sub vencrypt_handshake {
+	
+	my ($vmode, $db) = @_;
+
+	print STDERR "PPROXY: Doing VeNCrypt Handshake\n";
+
+	my $psec = pack("C", $rfbSecTypeVencrypt);
+	syswrite($sock, $psec, 1);
+
+	my $vmajor;
+	my $vminor;
+	sysread($sock, $vmajor, 1);
+	sysread($sock, $vminor, 1);
+
+	vdie if $vmajor eq "" || $vminor eq "";
+
+	$vmajor = unpack("C", $vmajor);
+	$vminor = unpack("C", $vminor);
+	print STDERR "$vmajor.$vminor\n" if $db;
+
+	vdie if $vmajor ne 0;
+	vdie if $vminor < 2;
+
+	$vmajor = pack("C", 0);
+	$vminor = pack("C", 2);
+	append_handshake("subversion=0.2\n");
+
+	syswrite($sock, $vmajor, 1);
+	syswrite($sock, $vminor, 1);
+
+	my $result;
+	sysread($sock, $result, 1);
+
+	vdie if $result eq "";
+	$result = unpack("C", $result);
+	print STDERR "result=$result\n" if $db;
+
+	vdie if $result ne 0;
+
+	my $nsubtypes;
+	sysread($sock, $nsubtypes, 1);
+
+	vdie if $nsubtypes eq "";
+	$nsubtypes = unpack("C", $nsubtypes);
+	print STDERR "nsubtypes=$nsubtypes\n" if $db;
+
+	my %subtypes;
+
+	for (my $i = 0; $i < $nsubtypes; $i++) {
+		my $subtype = ""; 
+		sysread($sock, $subtype, 4);
+		vdie if length($subtype) != 4;
+
+		# XXX fix 64bit.
+		$subtype = unpack("N", $subtype);
+		print STDERR "subtype: $subtype\n" if $db;
+		$subtypes{$subtype} = 1;
+		append_handshake("sst$i=$subtype\n");
+	}
+
+	my $subtype = 0;
+	if (exists $subtypes{$rfbVencryptX509None})  {
+		$subtype = $rfbVencryptX509None;
+		print STDERR "selected rfbVencryptX509None\n" if $db;
+	} elsif (exists $subtypes{$rfbVencryptX509Vnc})  {
+		$subtype = $rfbVencryptX509Vnc;
+		print STDERR "selected rfbVencryptX509Vnc\n" if $db;
+	} elsif (exists $subtypes{$rfbVencryptX509Plain})  {
+		$subtype = $rfbVencryptX509Plain;
+		print STDERR "selected rfbVencryptX509Plain\n" if $db;
+	} elsif (exists $subtypes{$rfbVencryptTlsNone})  {
+		$subtype = $rfbVencryptTlsNone;
+		print STDERR "selected rfbVencryptTlsNone\n" if $db;
+	} elsif (exists $subtypes{$rfbVencryptTlsVnc})  {
+		$subtype = $rfbVencryptTlsVnc;
+		print STDERR "selected rfbVencryptTlsVnc\n" if $db;
+	} elsif (exists $subtypes{$rfbVencryptTlsPlain})  {
+		$subtype = $rfbVencryptTlsPlain;
+		print STDERR "selected rfbVencryptTlsPlain\n" if $db;
+	}
+	append_handshake("subtype=$subtype\n");
+
+	my $pst = pack("N", $subtype);
+	syswrite($sock, $pst, 4); 
+
+	vdie if $subtype == 0;
+
+	my $ok;
+	sysread($sock, $ok, 1);
+	$ok = unpack("C", $ok);
+	print STDERR "ok=$ok\n" if $db;
+
+	append_handshake("done\n");
+
+	vdie if $ok == 0;
+}
+
+sub vencrypt_dialog {
+	my $vmode = shift;
+	my $db = 0;
+
+	$db = 1 if exists $ENV{SS_DEBUG};
+
+	append_handshake("mode=$vmode\n");
+
+	my $server_rfb = "";
+	syswrite($sock, $rep, 250);
+	for (my $i = 0; $i < 12; $i++) {
+		my $c;
+		sysread($sock, $c, 1);
+		$server_rfb .= $c;
+		print STDERR $c;
+	}
+	print STDERR "server_rfb: $server_rfb\n" if $db;
+	append_handshake("server=$server_rfb");
+
+	my $minor = "";
+	if ($server_rfb =~ /^RFB 003\.(\d+)/) {
+		$minor = $1;
+	} else {
+		vdie;
+	}
+	my $viewer_rfb = "RFB 003.008\n";
+	if ($minor < 7) {
+		vdie;
+	} elsif ($minor == 7) {
+		$viewer_rfb = "RFB 003.007\n";
+	}
+	syswrite($sock, $viewer_rfb, 12);
+	append_handshake("viewer=$viewer_rfb");
+
+	my $nsec;
+
+	sysread($sock, $nsec, 1);
+	vdie if $nsec eq "";
+
+	$nsec = unpack("C", $nsec);
+
+	print STDERR "nsec: $nsec\n" if $db;
+	vdie if $nsec eq 0 || $nsec > 100;
+
+	my %sectypes = ();
+
+	for (my $i = 0; $i < $nsec; $i++) {
+		my $sec;
+		sysread($sock, $sec, 1);
+		vdie if $sec eq "";
+		$sec = unpack("C", $sec);
+		print STDERR "sec: $sec\n" if $db;
+		$sectypes{$sec} = 1;
+	}
+	
+	if (exists $sectypes{$rfbSecTypeVencrypt}) {
+		print STDERR "found rfbSecTypeVencrypt\n" if $db;
+		append_handshake("sectype=$rfbSecTypeVencrypt\n");
+		vencrypt_handshake($vmode, $db);
+	} elsif (exists $sectypes{$rfbSecTypeTlsVnc}) {
+		print STDERR "found rfbSecTypeTlsVnc\n" if $db;
+		append_handshake("sectype=$rfbSecTypeTlsVnc\n");
+		tlsvnc_handshake($vmode, $db);
+	} else {
+		print STDERR "No supported sec-type found\n" if $db;
+		vdie;
+	}
+}
+
 sub xfer {
 	my($in, $out) = @_;
 	$RIN = $WIN = $EIN = "";
@@ -1104,8 +1350,8 @@ if [ "X$use_ssh" = "X1" ]; then
 
 	if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
 		# Handle Web or SOCKS proxy(ies) for the initial connect.
-Kecho host=$host
-Kecho port=$port
+		Kecho host=$host
+		Kecho port=$port
 		pproxy=""
 		sproxy1=""
 		sproxy_rest=""
@@ -1126,9 +1372,10 @@ Kecho port=$port
 		done
 		pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
 		sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
-Kecho pproxy=$pproxy
-Kecho sproxy1=$sproxy1
-Kecho sproxy_rest=$sproxy_rest
+
+		Kecho pproxy=$pproxy
+		Kecho sproxy1=$sproxy1
+		Kecho sproxy_rest=$sproxy_rest
 
 		sproxy1_host=""
 		sproxy1_port=""
@@ -1164,9 +1411,9 @@ Kecho sproxy_rest=$sproxy_rest
 			fi
 		fi
 
-Kecho sproxy1_host=$sproxy1_host
-Kecho sproxy1_port=$sproxy1_port
-Kecho sproxy1_user=$sproxy1_user
+		Kecho sproxy1_host=$sproxy1_host
+		Kecho sproxy1_port=$sproxy1_port
+		Kecho sproxy1_user=$sproxy1_user
 
 		ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
 		ptmp=`mytmp "$ptmp"`
@@ -1204,7 +1451,7 @@ Kecho sproxy1_user=$sproxy1_user
 		if [ "X$sproxy_rest" != "X" ]; then
 			proxy="$proxy,$sproxy_rest"
 		fi
-Kecho proxy=$proxy
+		Kecho proxy=$proxy
 	fi
 
 	if echo "$proxy" | grep "," > /dev/null; then
@@ -1550,13 +1797,26 @@ if [ "X$showcert" = "X1" ]; then
 	if [ "X$proxy" != "X" ]; then
 		PPROXY_LISTEN=$use
 		export PPROXY_LISTEN
-		$ptmp 2>/dev/null &
+		if [ "X$SS_DEBUG" != "X" ]; then
+			$ptmp &
+		else
+			$ptmp 2>/dev/null &
+		fi
 		sleep 1
 		host="localhost"
 		port="$use"
 	fi
-	openssl s_client -connect $host:$port 2>&1 < /dev/null
-	exit $?
+	cipher_args=""
+	if [ "X$ciphers" != "X" ]; then
+		cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
+	fi
+	#echo "openssl s_client $cipher_args -connect $host:$port" 
+	openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
+	rc=$?
+	if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
+		rm -f $SSVNC_PREDIGESTED_HANDSHAKE
+	fi
+	exit $rc
 fi
 
 if [ "X$direct_connect" != "X" ]; then
@@ -1783,6 +2043,7 @@ foreground = yes
 pid =
 client = yes
 debug = 6
+$ciphers
 $STUNNEL_EXTRA_OPTS
 $STUNNEL_EXTRA_OPTS_USER
 $verify
@@ -1818,6 +2079,7 @@ foreground = yes
 pid =
 client = no
 debug = 6
+$ciphers
 $STUNNEL_EXTRA_OPTS
 $STUNNEL_EXTRA_OPTS_USER
 $verify

x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1

@@ -8,7 +8,7 @@
 .\" License as specified in the file LICENCE.TXT that comes with the
 .\" TightVNC distribution.
 .\"
-.TH ssvnc 1 "September 2008" "" "SSVNC"
+.TH ssvnc 1 "November 2008" "" "SSVNC"
 .SH NAME
 ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
 .SH SYNOPSIS
@@ -21,7 +21,7 @@ ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
 .RI [\| saved-profile-name \|]
 .br
 .B ssvnc
-.RI [\| options \|][\| host-or-profile \]
+.RI [\| options \|]\ [\| host-or-profile \]
 .br
 .B ssvnc
 .IR \--help
@@ -49,7 +49,8 @@ E.g. "fred@far-away.east:0".
 
 As an easter egg, we note it is also possible to disable the use of SSL/SSH 
 encryption tunnels by using a vnc:// or Vnc:// prefix before
-host:display.
+host:display.  Shift+Ctrl-E is a short-cut to add/remove it.
+See also the \fB-noenc\fR option below.
 
 Normally you do not specify any command line options.  You simply
 run \fBssvnc\fR and use the GUI that starts up.
@@ -59,7 +60,7 @@ on the command line to connect to immediately (the GUI is started
 and the connection is initiated).  For example, "\fBssvnc far-away.east:0\fR"
 Instead of a  host:display, you can specify the name of a saved profile to
 automatically load that profile and then connect to its server.  
-For example "\fBssvnc far\fR", if you name the profile "far".
+For example "\fBssvnc far\fR", if you named the profile "far".
 You can use the \fB-profiles\fR option to list the profiles you have saved.
 
 The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in
@@ -108,6 +109,18 @@ Same as SSVNC_NO_VERIFY_ALL_BUTTON=1.
 \fB\-bigger\fR
 Make the Profile Selection Dialog window bigger.
 Same as SSVNC_BIGGER_DIALOG=1.
+.TP
+\fB\-noenc\fR
+Start off in a mode where a 'No Encryption' check button is present.
+You can toggle the mode with Ctrl-E.
+Same as SSVNC_DISABLE_ENCRYPTION_BUTTON=1. Or noenc=1 in ~/.ssvncrc.
+Selecting no encryption is the same as the vnc:// and Vnc:// prefixes
+described below.
+.TP
+\fB\-killstunnel\fR
+On Windows, automatically terminate the STUNNEL process when the viewer
+exits instead of prompting you (same as killstunnel=1 in ssvnc_rc or
+toggle in Options menu)
 .SH URL NOTATION
 Here are all of our URL-like prefixes that you can put in front of
 host:display (or host:port): 
@@ -116,7 +129,7 @@ For SSL:  vncs:// vncssl:// and vnc+ssl://
 
 For SSH:  vncssh:// and vnc+ssh://
 
-For No Encryption Tunnel:  vnc:// and Vnc://
+For No Encryption:  vnc:// and Vnc://
 
 Examples:
 
@@ -128,6 +141,10 @@ To quickly make a direct connection: \fBssvnc Vnc://snoopy.com:0\fR
 
 The above will also work in the "VNC Host:Display" entry box in the GUI.
 Press the "Connect" button after entering them.
+
+The difference between vnc:// and Vnc:// is that the latter one will not
+prompt you whether you really want to make an unencrypted connection
+or not.
 .SH FILES
 Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR
 directory.  They end in suffix \fB.vnc\fR

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 rm -rf ./src/tmp/* || exit 1
-vers=1.0.21
+vers=1.0.22
 
 cd .. || exit 1
 
@@ -12,7 +12,7 @@ dest=./t.unix_only
 rm -rf $dest
 mkdir -p $dest || exit 1
 
-tar cvf - ssvnc/{README,COPYING} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
+tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
 rm -f $dest/ssvnc/bin/.linkin
 
 tar=ssvnc_unix_only-${vers}.tar.gz
@@ -25,8 +25,7 @@ dest=./t.unix_minimal
 rm -rf $dest
 mkdir -p $dest || exit 1
 
-#tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} ssvnc/Unix | (cd $dest; tar xvf -)
-tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
+tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
 
 tar=ssvnc_unix_minimal-${vers}.tar.gz
 (cd $dest; tar czvf ../$tar ssvnc)
@@ -46,7 +45,7 @@ data__() {'
 
 scr=./ssvnc.sh
 echo "$top" > $scr
-(cd ssvnc; tar cvf - README COPYING bin/{ss*,util/ss*}) >> $scr
+(cd ssvnc; tar cvf - README COPYING ssvnc.desktop bin/{ss*,util/ss*}) >> $scr
 chmod 755 $scr
 ls -l $scr
 

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.patch

@@ -1,124 +1,56 @@
 diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
---- stunnel.orig/src/client.c	2005-10-24 14:00:56.000000000 -0400
-+++ stunnel/src/client.c	2006-07-31 21:51:37.000000000 -0400
-@@ -126,6 +126,10 @@
+--- stunnel.orig/src/client.c	2008-03-27 04:35:27.000000000 -0400
++++ stunnel/src/client.c	2008-11-19 21:40:00.000000000 -0500
+@@ -191,6 +191,7 @@
+     enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
      s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
          --num_clients);
++	if (getenv("STUNNEL_ONCE")) {fprintf(stderr, "stunnel: exiting.\n"); exit(0);}
      leave_critical_section(CRIT_CLIENTS);
-+    if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
-+            s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
-+	    exit(0);
-+    }
  #endif
-     free(c);
- #ifdef DEBUG_STACK_SIZE
+ }
 diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
---- stunnel.orig/src/network.c	2005-10-30 16:35:42.000000000 -0500
-+++ stunnel/src/network.c	2006-07-31 21:53:49.000000000 -0400
-@@ -329,6 +329,10 @@
+--- stunnel.orig/src/network.c	2008-03-27 05:28:16.000000000 -0400
++++ stunnel/src/network.c	2008-11-19 21:39:41.000000000 -0500
+@@ -346,6 +346,7 @@
          /* no logging is possible in a signal handler */
  #ifdef USE_FORK
-         num_clients--; /* one client less */
-+        if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
-+                s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
-+                exit(0);
-+        }
+         --num_clients; /* one client less */
++	if (getenv("STUNNEL_ONCE")) exit(0);
  #endif /* USE_FORK */
      }
  #else /* __sgi */
-@@ -375,6 +379,10 @@
+@@ -432,9 +433,11 @@
+ #ifdef HAVE_WAIT_FOR_PID
+     while((pid=wait_for_pid(-1, &status, WNOHANG))>0) {
+         --num_clients; /* one client less */
++	if (getenv("STUNNEL_ONCE")) exit(0);
+ #else
      if((pid=wait(&status))>0) {
-         num_clients--; /* one client less */
+         --num_clients; /* one client less */
++	if (getenv("STUNNEL_ONCE")) exit(0);
  #endif
-+        if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
-+                s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
-+                exit(0);
-+        }
  #ifdef WIFSIGNALED
          if(WIFSIGNALED(status)) {
-             s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
 diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
---- stunnel.orig/src/options.c	2005-10-20 03:12:07.000000000 -0400
-+++ stunnel/src/options.c	2006-07-31 22:49:57.000000000 -0400
-@@ -665,6 +665,24 @@
+--- stunnel.orig/src/options.c	2008-06-21 17:18:23.000000000 -0400
++++ stunnel/src/options.c	2008-11-19 21:15:01.000000000 -0500
+@@ -465,6 +465,7 @@
+     switch(cmd) {
+     case CMD_INIT:
+         options.option.syslog=1;
++	if (getenv("STUNNEL_NO_SYSLOG")) options.option.syslog=0;
          break;
-     }
- 
-+    /* maxconn */
-+    switch(cmd) {
-+    case CMD_INIT:
-+        options.maxconn=0;
-+        break;
-+    case CMD_EXEC:
-+        if(strcasecmp(opt, "maxconn"))
-+            break;
-+        options.maxconn=atoi(arg);
-+            return NULL; /* OK */
-+    case CMD_DEFAULT:
-+        log_raw("%-15s = 0", "maxconn");
-+        break;
-+    case CMD_HELP:
-+        log_raw("%-15s = maximum number of accepted connections", "maxconn");
-+        break;
-+    }
-+
-     if(cmd==CMD_EXEC)
-         return option_not_found;
-     return NULL; /* OK */
-diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
---- stunnel.orig/src/prototypes.h	2005-10-27 05:41:28.000000000 -0400
-+++ stunnel/src/prototypes.h	2006-07-31 22:49:36.000000000 -0400
-@@ -44,6 +44,7 @@
- /**************************************** Prototypes for stunnel.c */
- 
- extern int num_clients;
-+extern int num_conn;
- 
- void main_initialize(char *, char *);
- void main_execute(void);
-@@ -113,6 +114,7 @@
-     long session_timeout;
-     int verify_level;
-     int verify_use_only_my;
-+    int maxconn;
-     long ssl_options;
- 
-         /* some global data for stunnel.c */
+     case CMD_EXEC:
+         if(strcasecmp(opt, "syslog"))
 diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
---- stunnel.orig/src/stunnel.c	2005-11-02 15:18:42.000000000 -0500
-+++ stunnel/src/stunnel.c	2006-07-31 21:40:04.000000000 -0400
-@@ -53,6 +53,7 @@
- #endif
- 
- int num_clients=0; /* Current number of clients */
-+int num_conn=0;    /* Total number of connections */
- 
-     /* Functions */
- 
-@@ -138,6 +139,7 @@
+--- stunnel.orig/src/stunnel.c	2008-06-21 17:32:45.000000000 -0400
++++ stunnel/src/stunnel.c	2008-11-19 21:14:28.000000000 -0500
+@@ -301,6 +301,7 @@
      }
+ #endif
+ #endif
++	if (getenv("STUNNEL_MAX_CLIENTS")) max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"));
+ }
  
-     num_clients=0;
-+    num_conn=0;
- 
-     /* bind local ports */
-     for(opt=local_options.next; opt; opt=opt->next) {
-@@ -222,6 +224,18 @@
-                 return; /* error */
-         }
-     }
-+    num_conn++;
-+fprintf(stderr, "num_conn: %d\n", num_conn);
-+    if (options.maxconn > 0 && num_conn > options.maxconn) {
-+        s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
-+            num_conn, options.maxconn);
-+        closesocket(s);
-+	if (num_clients == 0) {
-+            s_log(LOG_WARNING, "Finished via maxconn.");
-+            exit(0);
-+	}
-+        return;
-+    }
-     s_ntop(from_address, &addr);
-     s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
-         opt->servname, s, from_address);
+ #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)

x11vnc/misc/enhanced_tightvnc_viewer/ssvnc.desktop

@@ -0,0 +1,11 @@
+[Desktop Entry]
+# Copy this file to "/usr/shared/applications/ssvnc.desktop" then SSVNC will
+# appear in desktop menus (once they are updated; e.g. update-menus command).
+Name=SSL/SSH VNC Viewer
+Comment=SSVNC - access remote VNC desktops
+Exec=ssvnc -noenc
+Icon=computer
+Terminal=false
+Type=Application
+StartupWMClass=Ssvnc.tcl
+Categories=Network;RemoteAccess;